The trusted_host_patterns setting is not configured for your Drupal installation. This setting can be configured from settings.php and protects against HTTP Host Header attacks. This should be an array of regular expression patterns, representing the hosts you would like to allow. It's recommended to configure this setting in a production website.


Edit settings.php and configure trusted_host_patterns as you can see in the example below.

In this example, the site is only allowed to run from

$settings['trusted_host_patterns'] = [


Related Vulnerabilities