Code

#20139 closed Bug (duplicate)

Please add a line about ALLOWED_HOSTS requirement in tutorial

Reported by: gertvdijk Owned by: nobody
Component: Documentation Version: 1.5
Severity: Normal Keywords: tutorial security settings
Cc: Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

Summary: Since 1.5 one needs to set the ALLOWED_HOSTS to something sane before Django will serve anything besides an empty HTTP-500 response without any form of error output. Please include that in the tutorial or provide a message to the admin.


I'm new to Django and followed the tutorials using Django 1.5. After finishing the tutorial I wasn't able to use the simple project with the Poll app without keeping DEBUG = True -- all requests were responded with an "500 Server Error". Changing back to Debug = True generated the regular debug enabled responses. Creating the 404.html and 500.html templates didn't help either.

Even every new empty Django project I started wasn't able to serve other than an empty 500 response, unless I would turn on debug mode again. This totally confused me and it took me quite some time to find the right documentation about it in the Deployment Checklist (only development version). As raising the SuspicousOperation Exception isn't logged or reported anywhere running the server in production, I did not have any clue! Moreover, this isn't debug-able for me as a new user as it does not show up with Debug mode on.

This Q&A on StackOverflow illustrates the issue perfectly as well (this saved my day!): Django: Setting DEBUG = False causes 500 Error

Suggested solution 1: Add a small note about this in the Tutorial part 3 paragraph "Write a 404 (page not found) view" where it's explained about the behaviour of the DEBUG value and 404/500 responses. E.g.: "Changed in Django 1.5: If DEBUG is set to False, all responses will be an 500 Server Error unless you specify the ALLOWED_HOSTS setting in your project's settings.py".

Suggested solution 2: Whenever starting the server in DEBUG = False and ALLOWED_HOSTS = [], display a warning on the console (stderr) that no request will be served because of the empty ALLOWED_HOSTS setting.

Attachments (0)

Change History (2)

comment:1 Changed 13 months ago by carljm

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Triage Stage changed from Unreviewed to Accepted

This is definitely a problem. I think a mention in the tutorial is a good idea, but I don't think that's an adequate solution to the problem. (See https://code.djangoproject.com/ticket/20120#comment:3)

comment:2 Changed 13 months ago by timo

  • Resolution set to duplicate
  • Status changed from new to closed

Previously suggested in #19875

Add Comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.