id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
20164	Confusing SuspiciousOperation exception about ALLOWED_HOSTS when using hosts with port number	nicolas.iooss_django@…	nobody	"In a new project, right after I switched DEBUG setting to False in my development environment settings, I get HTTP 500 error on every page with following error mail when I browse http://127.0.0.1:8000/.

{{{
Traceback (most recent call last):

  File ""/usr/lib/python2.7/site-packages/django/core/handlers/base.py"", line 92, in get_response
    response = middleware_method(request)

  File ""/usr/lib/python2.7/site-packages/django/middleware/common.py"", line 57, in process_request
    host = request.get_host()

  File ""/usr/lib/python2.7/site-packages/django/http/request.py"", line 72, in get_host
    ""Invalid HTTP_HOST header (you may need to set ALLOWED_HOSTS): %s"" % host)

SuspiciousOperation: Invalid HTTP_HOST header (you may need to set ALLOWED_HOSTS): 127.0.0.1:8000
}}}

This message (and Django documentation) advises me to write `ALLOWED_HOSTS = ['127.0.0.1:8000']` in my settings, which didn't have ALLOWED_HOSTS. However this doesn't work because `django.http.request.validate_host` validates the domain of `127.0.0.1:8000`, which is `127.0.0.1`. With `ALLOWED_HOSTS = ['127.0.0.1']` in the settings my project works well.

Therefore the message ""Invalid HTTP_HOST header (you may need to set ALLOWED_HOSTS): 127.0.0.1:8000"" is confusing and I think port number shouldn't appear in it. This problem is more global than my development environment as some person may choose to host his Django website at http://example.com:8000/."	Bug	closed	HTTP handling	1.5	Normal	duplicate	ALLOWED_HOSTS validate_host SuspiciousOperation	bmispelon@…	Unreviewed	0	0	0	0	1	0