Opened 5 years ago

Closed 5 years ago

#20164 closed Bug (duplicate)

Confusing SuspiciousOperation exception about ALLOWED_HOSTS when using hosts with port number

Reported by: nicolas.iooss_django@… Owned by: nobody
Component: HTTP handling Version: 1.5
Severity: Normal Keywords: ALLOWED_HOSTS validate_host SuspiciousOperation
Cc: bmispelon@… Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: yes UI/UX: no


In a new project, right after I switched DEBUG setting to False in my development environment settings, I get HTTP 500 error on every page with following error mail when I browse

Traceback (most recent call last):

  File "/usr/lib/python2.7/site-packages/django/core/handlers/", line 92, in get_response
    response = middleware_method(request)

  File "/usr/lib/python2.7/site-packages/django/middleware/", line 57, in process_request
    host = request.get_host()

  File "/usr/lib/python2.7/site-packages/django/http/", line 72, in get_host
    "Invalid HTTP_HOST header (you may need to set ALLOWED_HOSTS): %s" % host)

SuspiciousOperation: Invalid HTTP_HOST header (you may need to set ALLOWED_HOSTS):

This message (and Django documentation) advises me to write ALLOWED_HOSTS = [''] in my settings, which didn't have ALLOWED_HOSTS. However this doesn't work because django.http.request.validate_host validates the domain of, which is With ALLOWED_HOSTS = [''] in the settings my project works well.

Therefore the message "Invalid HTTP_HOST header (you may need to set ALLOWED_HOSTS):" is confusing and I think port number shouldn't appear in it. This problem is more global than my development environment as some person may choose to host his Django website at

Change History (1)

comment:1 Changed 5 years ago by Baptiste Mispelon

Cc: bmispelon@… added
Resolution: duplicate
Status: newclosed

This is a duplicate of #20038.

Note: See TracTickets for help on using tickets.
Back to Top