Django gives Bad Request (400) when DEBUG = False
The ALLOWED_HOSTS
list should contain fully qualified host names, not urls. Leave out the port and the protocol. If you are using 127.0.0.1
, I would add localhost
to the list too:
ALLOWED_HOSTS = ['127.0.0.1', 'localhost']
You could also use *
to match any host:
ALLOWED_HOSTS = ['*']
Quoting the documentation:
Values in this list can be fully qualified names (e.g.
'www.example.com'
), in which case they will be matched against the request’sHost
header exactly (case-insensitive, not including port). A value beginning with a period can be used as a subdomain wildcard:'.example.com'
will matchexample.com
,www.example.com
, and any other subdomain ofexample.com
. A value of'*'
will match anything; in this case you are responsible to provide your own validation of theHost
header (perhaps in a middleware; if so this middleware must be listed first inMIDDLEWARE_CLASSES
).
Bold emphasis mine.
The status 400 response you get is due to a SuspiciousOperation
exception being raised when your host header doesn't match any values in that list.
I had the same problem and none of the answers resolved my problem. For resolving situations like this, it's best to enable logging by adding the following config to settings.py
temporarily.
LOGGING = {
'version': 1,
'disable_existing_loggers': False,
'handlers': {
'file': {
'level': 'DEBUG',
'class': 'logging.FileHandler',
'filename': '/tmp/debug.log',
},
},
'loggers': {
'django': {
'handlers': ['file'],
'level': 'DEBUG',
'propagate': True,
},
},
}
When you see the issue, it's easier to handle than by blind debugging.
My issue was:
Invalid HTTP_HOST header: 'pt_web:8000'. The domain name provided is not valid according to RFC 1034/1035.
I resolved it by adding proxy_set_header Host $host;
to the Nginx config file and enabling port forwarding with USE_X_FORWARDED_PORT = True
in the settings.py
(it's because in my case I was listening to requests on Nginx port 8080
and passing to guni
on port 8000
).