Please add a line about ALLOWED_HOSTS requirement in tutorial
|Reported by:||gertvdijk||Owned by:||nobody|
|Severity:||Normal||Keywords:||tutorial security settings|
|Has patch:||no||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
Summary: Since 1.5 one needs to set the ALLOWED_HOSTS to something sane before Django will serve anything besides an empty HTTP-500 response without any form of error output. Please include that in the tutorial or provide a message to the admin.
I'm new to Django and followed the tutorials using Django 1.5. After finishing the tutorial I wasn't able to use the simple project with the Poll app without keeping DEBUG = True -- all requests were responded with an "500 Server Error". Changing back to Debug = True generated the regular debug enabled responses. Creating the 404.html and 500.html templates didn't help either.
Even every new empty Django project I started wasn't able to serve other than an empty 500 response, unless I would turn on debug mode again. This totally confused me and it took me quite some time to find the right documentation about it in the Deployment Checklist (only development version). As raising the SuspicousOperation Exception isn't logged or reported anywhere running the server in production, I did not have any clue! Moreover, this isn't debug-able for me as a new user as it does not show up with Debug mode on.
This Q&A on StackOverflow illustrates the issue perfectly as well (this saved my day!): Django: Setting DEBUG = False causes 500 Error
Suggested solution 1: Add a small note about this in the Tutorial part 3 paragraph "Write a 404 (page not found) view" where it's explained about the behaviour of the DEBUG value and 404/500 responses. E.g.: "Changed in Django 1.5: If DEBUG is set to False, all responses will be an 500 Server Error unless you specify the ALLOWED_HOSTS setting in your project's settings.py".
Suggested solution 2: Whenever starting the server in DEBUG = False and ALLOWED_HOSTS = , display a warning on the console (stderr) that no request will be served because of the empty ALLOWED_HOSTS setting.