Opened 12 years ago
Closed 12 years ago
#20164 closed Bug (duplicate)
Confusing SuspiciousOperation exception about ALLOWED_HOSTS when using hosts with port number
Reported by: | Owned by: | nobody | |
---|---|---|---|
Component: | HTTP handling | Version: | 1.5 |
Severity: | Normal | Keywords: | ALLOWED_HOSTS validate_host SuspiciousOperation |
Cc: | bmispelon@… | Triage Stage: | Unreviewed |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | yes | UI/UX: | no |
Description
In a new project, right after I switched DEBUG setting to False in my development environment settings, I get HTTP 500 error on every page with following error mail when I browse http://127.0.0.1:8000/.
Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/django/core/handlers/base.py", line 92, in get_response response = middleware_method(request) File "/usr/lib/python2.7/site-packages/django/middleware/common.py", line 57, in process_request host = request.get_host() File "/usr/lib/python2.7/site-packages/django/http/request.py", line 72, in get_host "Invalid HTTP_HOST header (you may need to set ALLOWED_HOSTS): %s" % host) SuspiciousOperation: Invalid HTTP_HOST header (you may need to set ALLOWED_HOSTS): 127.0.0.1:8000
This message (and Django documentation) advises me to write ALLOWED_HOSTS = ['127.0.0.1:8000']
in my settings, which didn't have ALLOWED_HOSTS. However this doesn't work because django.http.request.validate_host
validates the domain of 127.0.0.1:8000
, which is 127.0.0.1
. With ALLOWED_HOSTS = ['127.0.0.1']
in the settings my project works well.
Therefore the message "Invalid HTTP_HOST header (you may need to set ALLOWED_HOSTS): 127.0.0.1:8000" is confusing and I think port number shouldn't appear in it. This problem is more global than my development environment as some person may choose to host his Django website at http://example.com:8000/.
Change History (1)
comment:1 by , 12 years ago
Cc: | added |
---|---|
Resolution: | → duplicate |
Status: | new → closed |
This is a duplicate of #20038.