id,summary,reporter,owner,description,type,status,component,version,severity,resolution,keywords,cc,stage,has_patch,needs_docs,needs_tests,needs_better_patch,easy,ui_ux 19295,Document that runserver --insecure doesn't work with DEBUG False and CachedStaticFilesStorage,Apreche,Keith Edmiston,"How to reproduce: Enable the CachedStaticFilesStorage in your settings and turn DEBUG off. {{{ DEBUG = False STATICFILES_STORAGE = 'django.contrib.staticfiles.storage.CachedStaticFilesStorage' }}} Turn on the runserver with the insecure flag {{{ $ python manage.py runserver --insecure }}} Visit your runserver in your browser, and the static files will not load. When using the default django.contrib.staticfiles.storage.StaticFilesStorage the static files will load. The reason is because of this section in contrib/staticfiles.storage.py {{{ 100 def url(self, name, force=false): 101 """""" 102 Returns the real URL in DEBUG mode. 103 """""" 104 if settings.DEBUG and not force: 105 hashed_name, fragment = name, '' 106 else: }}} When DEBUG is False, the automatic static file serving in runserver is disabled. But using runserver with --insecure will re-enable it. Because the CachedStaticFilesStorage only looks at the DEBUG flag, it will not work properly in this scenario. Perhaps that force parameter could be set to True when the --insecure flag is passed to runserver? Yes, this is an extremely rare and low-priority edge case, but still a bug. It's also not clear what the expected behavior is when both the --nostatic and --insecure flags are passed to runserver simultaneously. They sort of cancel each other out. Personally I feel the nostatic should take priority.",Cleanup/optimization,closed,Documentation,1.4,Normal,fixed,,,Accepted,0,0,0,0,1,0