After a fresh installation of Drupal, you’ll also need to enable ‘Trusted Host Settings’. In this article, we’ll give you step-by-step instructions on how to enable ‘Trusted Host Settings’. Some steps are little tricky, so please follow them closely.
‘Trusted Host Setting’ Error
From your drupal site, Manage->Report->Status Report, you’ll see one error.
Continuing to details, you’ll see the error message saying ‘Trusted Host Setting’ is not enabled. The link provided with the error explains why we need to fix the error but does not give out how to fix it.
Enable ‘Trusted Host Setting’
We need to go to your drupal installed directory first.
cd #drupal-dir
cd web/sites/default
Take a look at the files in this directory.
# ls
default.services.yml default.settings.php files settings.php
If settings.php exists, drupal uses it as the setting. default.settings.php is the last resort. This document explains this behavior.
For security purposes, settings.php is set to READ-ONLY by drupal. So you need to give it written permission before editing it.
chmod a+w settings.php
Open settings.php, then search ‘trusted_host_pattern‘. Do not just uncomment it, as it’s very tricky. It’s inside a big /* */ comment block. Instead, copy the following lines outside the current comment block.
$settings['trusted_host_patterns'] = [
'^www\.yourdomain\.com$',
];
Always change yourdomain to your real domain. Otherwise, you’ll see the following error message with your site.
For security reasons, turn off the written permission for settings.php.
chmod a-w settings.php
At this point, go back to your site’s status report. You won’t be able to see the error message again.
For further reading, please refer to Trusted Host Setting from the Drupal official document.
Conclusion
Sometimes, we need to be careful not to fall into pitfalls. In the above steps, putting the setting outside commenting block is very tricky and not intuitive. Many people made the same mistake.
If you have any suggestions, please leave a comment below.