Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

CommandError: You must set settings.ALLOWED_HOSTS if DEBUG is False

Tags:

django

People also ask

What is the usage of Allowed_hosts in Django project settings?

ALLOWED_HOSTS. A list of strings representing the host/domain names that this Django site can serve. This is a security measure to prevent HTTP Host header attacks, which are possible even under many seemingly-safe web server configurations.

What is allowed host?

An allowed host may be an additional subdomain used by your web application or a completely separate domain used for an API. For example, you can add https://api.example.com as an allowed host to the main target https://www.example.com.

Try

ALLOWED_HOSTS = ['*']

Less secure if you're not firewalled off or on a public LAN, but it's what I use and it works.

EDIT: Interestingly enough I've been needing to add this to a few of my 1.8 projects even when DEBUG = True. Very unsure why.

EDIT: This is due to a Django security update as mentioned in my comment.


Your solution might be to add the original IP and/or hostname also:

ALLOWED_HOSTS = [
  'localhost',
  '127.0.0.1',
  '111.222.333.444',
  'mywebsite.com']

The condition to be satisfied is that the host header (or X-Forwarded-Host if USE_X_FORWARDED_HOST is enabled) should match one of the values in ALLOWED_HOSTS.


Make sure it's not redefined again lower down in your settings.py. The default settings has:

ALLOWED_HOSTS = []


From documentation: https://docs.djangoproject.com/en/1.10/ref/settings/

if DEBUG is False, you also need to properly set the ALLOWED_HOSTS setting. Failing to do so will result in all requests being returned as “Bad Request (400)”.

And from here: https://docs.djangoproject.com/en/1.10/ref/settings/#std:setting-ALLOWED_HOSTS

I am using something like this:

ALLOWED_HOSTS = ['localhost', '127.0.0.1', 'www.mysite.com']

Use this:

ALLOWED_HOSTS =  ['localhost', '127.0.0.1']

If you work in PyCharm, check the Environmental variables for your Django server. You should specify the proper module.settings file


This works for me:

# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = False

ALLOWED_HOSTS = ['localhost', '127.0.0.1']

Related questions

Mac OS X - EnvironmentError: mysql_config not found
What is the purpose of apps.py in Django 1.9?
Token Authentication for RESTful API: should the token be periodically changed?
Can a dictionary be passed to django models on create?
Django templates: verbose version of a choice
Make the first letter uppercase inside a django template
How to repeat a "block" in a django template
Django admin: how to sort by one of the custom list_display fields that has no database field
How to spread django unit tests over multiple files?
django unit tests without a db
Is it possible to pass query parameters via Django's {% url %} template tag?
Django FileField with upload_to determined at runtime
Django Forms: if not valid, show form with error message
Django Cookies, how can I set them?
Can I make the foreign key field optional in Django model
Django Rest Framework - Could not resolve URL for hyperlinked relationship using view name "user-detail"
<Django object > is not JSON serializable
gunicorn autoreload on source change
How can I save my secret keys and password securely in my version control system?
Django database query: How to get object by id?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!