Opened 6 years ago

Closed 6 years ago

#20139 closed Bug (duplicate)

Please add a line about ALLOWED_HOSTS requirement in tutorial

Reported by: Gert van Dijk Owned by: nobody
Component: Documentation Version: 1.5
Severity: Normal Keywords: tutorial security settings
Cc: Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no


Summary: Since 1.5 one needs to set the ALLOWED_HOSTS to something sane before Django will serve anything besides an empty HTTP-500 response without any form of error output. Please include that in the tutorial or provide a message to the admin.

I'm new to Django and followed the tutorials using Django 1.5. After finishing the tutorial I wasn't able to use the simple project with the Poll app without keeping DEBUG = True -- all requests were responded with an "500 Server Error". Changing back to Debug = True generated the regular debug enabled responses. Creating the 404.html and 500.html templates didn't help either.

Even every new empty Django project I started wasn't able to serve other than an empty 500 response, unless I would turn on debug mode again. This totally confused me and it took me quite some time to find the right documentation about it in the Deployment Checklist (only development version). As raising the SuspicousOperation Exception isn't logged or reported anywhere running the server in production, I did not have any clue! Moreover, this isn't debug-able for me as a new user as it does not show up with Debug mode on.

This Q&A on StackOverflow illustrates the issue perfectly as well (this saved my day!): Django: Setting DEBUG = False causes 500 Error

Suggested solution 1: Add a small note about this in the Tutorial part 3 paragraph "Write a 404 (page not found) view" where it's explained about the behaviour of the DEBUG value and 404/500 responses. E.g.: "Changed in Django 1.5: If DEBUG is set to False, all responses will be an 500 Server Error unless you specify the ALLOWED_HOSTS setting in your project's".

Suggested solution 2: Whenever starting the server in DEBUG = False and ALLOWED_HOSTS = [], display a warning on the console (stderr) that no request will be served because of the empty ALLOWED_HOSTS setting.

Change History (2)

comment:1 Changed 6 years ago by Carl Meyer

Triage Stage: UnreviewedAccepted

This is definitely a problem. I think a mention in the tutorial is a good idea, but I don't think that's an adequate solution to the problem. (See

comment:2 Changed 6 years ago by Tim Graham

Resolution: duplicate
Status: newclosed

Previously suggested in #19875

Note: See TracTickets for help on using tickets.
Back to Top