Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bad Request when DEBUG=False and missing ALLOWED_HOST #5

Open
lukpueh opened this issue Sep 27, 2016 · 3 comments
Open

Bad Request when DEBUG=False and missing ALLOWED_HOST #5

lukpueh opened this issue Sep 27, 2016 · 3 comments

Comments

@lukpueh
Copy link

lukpueh commented Sep 27, 2016

In DEBUG=False mode Django requires the setting ALLOWED_HOST listing allowed hosts, or else it responds with HTTP 400 (Bad request), see:

This should be explicitly mentioned in settings_base.py or settings.py as a placeholder or comment and/or in the Installation docs.
@lukpueh lukpueh mentioned this issue Sep 27, 2016
Open
@aaaaalbert
Copy link

Thanks for the insight! We don't have multiple virtual hosts per server in our current live deployments at the moment; however, it's obviously a requirement from Django to strongly and explicitly whitelist thoses web server hosts that a browser may send requests to. @lukpueh or @RohanBhirangi, do you want to suggest patches?

@aaaaalbert
Copy link

I'll make ALLOWED_HOSTS a mandatory setting, and here's why: Testing with the latest version (SeattleTestbed/custominstallerbuilder@3f027f2) when unset causes this message in the Apache error log,

DisallowedHost: Invalid HTTP_HOST header: 'seattle-dev.engineering.nyu.edu'. You may need to add u'seattle-dev.engineering.nyu.edu' to ALLOWED_HOSTS.

My browser shows a nondescript 500 Internal Server Error page.

aaaaalbert added a commit to SeattleTestbed/custominstallerbuilder that referenced this issue Jul 5, 2017
@aaaaalbert
Set ALLOWED_HOSTS per default in settings.py
55d625e 
This addresses SensibilityTestbed#5 where a missing `ALLOWED_HOSTS` in
non-`DEBUG` mode was reported to cause problems.

https://docs.djangoproject.com/en/1.8/ref/settings/#allowed-hosts
aaaaalbert added a commit to SeattleTestbed/docs that referenced this issue Jul 5, 2017
@aaaaalbert
CIB: Add ALLOWED_HOSTS to configurable settings
27549f0 
This follows SeattleTestbed/custominstallerbuilder@55d625e and SensibilityTestbed/custominstallerbuilder#5, which address issues with a missing `ALLOWED_HOSTS`.
@aaaaalbert
Copy link

Alright, SeattleTestbed/custominstallerbuilder@55d625e and SeattleTestbed/docs@27549f0 fix this issue for SeattleTestbed. We can close this issue following the next sync/pull from there.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@lukpueh @aaaaalbert