Confusing SuspiciousOperation exception about ALLOWED_HOSTS when using hosts with port number
|Reported by:||Owned by:||nobody|
|Severity:||Normal||Keywords:||ALLOWED_HOSTS validate_host SuspiciousOperation|
|Has patch:||no||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
In a new project, right after I switched DEBUG setting to False in my development environment settings, I get HTTP 500 error on every page with following error mail when I browse http://127.0.0.1:8000/.
Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/django/core/handlers/base.py", line 92, in get_response response = middleware_method(request) File "/usr/lib/python2.7/site-packages/django/middleware/common.py", line 57, in process_request host = request.get_host() File "/usr/lib/python2.7/site-packages/django/http/request.py", line 72, in get_host "Invalid HTTP_HOST header (you may need to set ALLOWED_HOSTS): %s" % host) SuspiciousOperation: Invalid HTTP_HOST header (you may need to set ALLOWED_HOSTS): 127.0.0.1:8000
This message (and Django documentation) advises me to write
ALLOWED_HOSTS = ['127.0.0.1:8000'] in my settings, which didn't have ALLOWED_HOSTS. However this doesn't work because
django.http.request.validate_host validates the domain of
127.0.0.1:8000, which is
ALLOWED_HOSTS = ['127.0.0.1'] in the settings my project works well.
Therefore the message "Invalid HTTP_HOST header (you may need to set ALLOWED_HOSTS): 127.0.0.1:8000" is confusing and I think port number shouldn't appear in it. This problem is more global than my development environment as some person may choose to host his Django website at http://example.com:8000/.