I have a Drupal 10 site that I just installed for the first time. I am very new to Drupal, and I haven't done anything to this site except install it and set up basic details like the site name, emails, and my admin login. The problem I am having is that the Status Details page lists 1 error which is:
Trusted Host Settings
Not enabled
The trusted_host_patterns setting is not configured in settings.php. This can lead to security vulnerabilities. It is highly recommended that you configure this. See Protecting against HTTP HOST Header attacks for more information.
I found this Drupal documentation that explains how to configure trusted host settings, which sounds very easy, however when I VIM into the file and attempt to add my localhost to the settings, it gives me a warning saying it is a readonly file. When I try to save the settings, it throws an error saying it is readonly.
The file I am attempting to edit is in /project-folder/web/sites/default/settings.php which I believe is the correct file.
Attempted Solutions
- This question talks about how Drupal can't make a file readonly, but I am able to VIM into other files without issues. I was also able to build it using composer which downloaded the files to this repository without any issues, so I don't know what else might be making this specific file readonly.
Continuing attempt 1, I went back one directory into /sites/ and attempted to edit README.txt with vim. It did not show any warnings that this file is readonly. I also attempted to edit example.sites.php in the /sites/ directory with vim and this one also did not give any readonly warning. Thus, I believe that the only file affected is the /sites/default/settings.php file, and I do believe that it has something to do with Drupal.
This documentation talks about Configuring Read-only mode, but it looks like editing the same settings.php file is necessary. Editing the file is what is causing the readonly error.
Changed ownership of /Documents/Repositories/ Directory where my project folder is to my own user on a hunch. The file is still readonly.
Stopped apache server with brew services stop httpd, then attempted to edit the file once again. It is still readonly.
Warning in settings.php
I continued to try to resolve this issue and noticed a block of text in the settings.php file that I did not see in the documentation. I believe this contains a hint to the solution to my issue:
* In order to use the selection rules below the multisite aliasing file named
* sites/sites.php must be present. Its optional settings will be loaded, and
* the aliases in the array $sites will override the default directory rules
* below. See sites/example.sites.php for more information about aliases.
Question
What is the recommended way to alter the settings.php file? I assume that other Drupal users who may not be too experienced in the shell have come across this issue so I am wondering if there is a way to edit this file without manually disabling readonly and enabling it after the change is made. If not, how do I do this safely?
More Information
- This is a freshly installed Drupal 10.1.0 site.
- Installed using Composer
- Installed locally and uses Postgres and Apache. Both services are running when I try to make the change.
