[Django] #20164: Confusing SuspiciousOperation exception about ALLOWED_HOSTS when using hosts with port number

Sat, 30 Mar 2013 09:12:27 -0700 

#20164: Confusing SuspiciousOperation exception about ALLOWED_HOSTS when using
hosts with port number
-------------------------------------+-------------------------------------
     Reporter:                       |      Owner:  nobody
  nicolas.iooss_django@…             |     Status:  new
         Type:  Bug                  |    Version:  1.5
    Component:  HTTP handling        |   Keywords:  ALLOWED_HOSTS
     Severity:  Normal               |  validate_host SuspiciousOperation
 Triage Stage:  Unreviewed           |  Has patch:  0
Easy pickings:  1                    |      UI/UX:  0
-------------------------------------+-------------------------------------
 In a new project, right after I switched DEBUG setting to False in my
 development environment settings, I get HTTP 500 error on every page with
 following error mail when I browse http://127.0.0.1:8000/.

 {{{
 Traceback (most recent call last):

   File "/usr/lib/python2.7/site-packages/django/core/handlers/base.py",
 line 92, in get_response
     response = middleware_method(request)

   File "/usr/lib/python2.7/site-packages/django/middleware/common.py",
 line 57, in process_request
     host = request.get_host()

   File "/usr/lib/python2.7/site-packages/django/http/request.py", line 72,
 in get_host
     "Invalid HTTP_HOST header (you may need to set ALLOWED_HOSTS): %s" %
 host)

 SuspiciousOperation: Invalid HTTP_HOST header (you may need to set
 ALLOWED_HOSTS): 127.0.0.1:8000
 }}}

 This message (and Django documentation) advises me to write `ALLOWED_HOSTS
 = ['127.0.0.1:8000']` in my settings, which didn't have ALLOWED_HOSTS.
 However this doesn't work because `django.http.request.validate_host`
 validates the domain of `127.0.0.1:8000`, which is `127.0.0.1`. With
 `ALLOWED_HOSTS = ['127.0.0.1']` in the settings my project works well.

 Therefore the message "Invalid HTTP_HOST header (you may need to set
 ALLOWED_HOSTS): 127.0.0.1:8000" is confusing and I think port number
 shouldn't appear in it. This problem is more global than my development
 environment as some person may choose to host his Django website at
 http://example.com:8000/.

-- 
Ticket URL: <https://code.djangoproject.com/ticket/20164>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Reply via email to