Got a problem with Basic authentication in Django REST framework when debug mode is turned off. I am using Django 1.8.4 and Django REST Framework 3.2.2.
Looks like it saves credentials for all computers with the same IP address when the first is logged in. But after some time it prompts for the username and password again.
However, this problem does not occur when the debug mode in Django REST framework settings is set to True. I would like to have the same behaviour when debug is turned off. What is causing the problem?
In settings.py file add the host/domain-name of the system to which django is allowed to serve.
Use:
ALLOWED_HOSTS = ['127.0.0.1'] or ALLOWED_HOSTS = ['localhost'] so that django can serve the localhost.
You may also add other IP address as you wish.
Example:
ALLOWED_HOSTS = ['127.0.0.1', '192.1.12.23']
Domain names can also be accepted:
ALLOWED_HOSTS = ['www.example.com']
If you wish to serve many hosts, you may simply use *, as shown:
ALLOWED_HOSTS = ['*']
This will serve Django to any host in the world.
Related
I have django project.
In my development, when error happens like not import modules... etc.
It shows the error on the browser, but I don't want to show that in production.
Where can I switch off the debug mode???
The settings.py file has a DEBUG setting [Django-doc]. You will furthermore need to specify the ALLOWED_HOSTS setting [Django-doc]. You can set this to False:
# settings.py
# …
DEBUG = False
ALLOWED_HOSTS = ['www.mywebsite.com']
# …
Note that some tooling of Django is not done when you work in a production environment, like serving static files. You will need to configure nginx/apache/… for that. For more information, see the Deploying static files section in the documentation.
here you should enter False or True in way your need. if my answer is correct pls check it for answered
# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = 'this is security key'
# Turn off When Project Will published for use!
DEBUG = True
ALLOWED_HOSTS = [*] <-- this for plesk and Cpanel
# Application definition
INSTALLED_APPS = [ ' Your current app',' Your Seccond app ']
I have a simple django 2.2 project that I trying to publish. I am trying to secure the website as best I can. One of the options is SESSION_COOKIE_SECURE. When set to True, my admin pages just won't work. When I go to /admin page, I will see a login. Inputting the correct login and password just brings me back to the exact same page. If I input the wrong login and password, then an error message pops up. So I know I have used the right password. There's nothing special about my admin setup. It's just in the urls.py of the project folder
urlpatterns = [
path('admin/', admin.site.urls), ...
Of course if I set SESSION_COOKIE_SECURE to False, the admin pages works. I have tried setting the SESSION_COOKIE_DOMAIN to my domain and that doesn't help. What am I missing? Thanks.
EDIT: I have just tried the following set of options based on the Django docs but I am not getting it working.
SECURE_SSL_REDIRECT = True
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
ANOTHER EDIT: So the above works in Production (which has HTTPS) but not in Development. This is good but also troubling to some degree. We want our production and development environment to be as close as possible so that features and stuff can be tested. I wonder what the best practice is when it comes to testing these troublesome little Django settings.
Actually, the following works.
SECURE_SSL_REDIRECT = True
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
It is just that testing in on my development environment, HTTPS is not available.
It seems the SESSION_COOKIE_SECURE option works correctly only under the HTTPS connection.
But, I have no idea why does it work under HTTP in my local environment with default Django's manage.py runserver but not Nginx / gunicorn in production...
I'm developing a django app locally and trying to configure it to use the Amazone SES service to send emails. I've installed django-ses and added this to my settings.py:
EMAIL_BACKEND = 'django_ses.SESBackend'
AWS_SES_REGION_NAME = 'us-west-2'
AWS_SES_REGION_ENDPOINT = 'email.us-west-2.amazonaws.com'
AWS_ACCESS_KEY_ID = '...'
AWS_SECRET_ACCESS_KEY = '...'
Unfortunately, mail.get_connection() returns that it's still using django.core.mail.backends.console.EmailBackend; both in the shell and when the development server is running.
It behaved the same when I was attempting to go the normal smtp configuration route with django.core.mail.backends.smtp.EmailBackend too...
Any ideas as to why it's not making the switch?
According to the django docs the default value for EMAIL_BACKEND is django.core.mail.backends.smtp.EmailBackend, not django.core.mail.backends.console.EmailBackend, so it has probably been set again later in the settings file.
You can also print the value of EMAIL_BACKEND to make sure if the problem is in the function or the variable.
from django.conf import settings
print(settings.EMAIL_BACKEND)
I'm having difficulty moving my django 1.9.3 app from local development to production on Heroku, specifically using allauth (0.25.2) to login via Twitter.
It appears I'm having the same problem as django allauth not working on production yet that answer does not work for me.
When I'm running the dev server, everything works with the callback url on twitter set to http://127.0.0.1:8000/accounts/twitter/login/callback/.
When I switch it to either http://{myappname}.herokuapp.com/accounts/twitter/login/callback/ or http://{myappname}.herokuapp.com/accounts/twitter/login/callback/ and access the app on Heroku, I get a 500 error when I try to login via Twitter, being redirected to https://{myappname}.herokuapp.com/accounts/twitter/login/?process=login
I'm including the following settings in settings.py, which I've tried toggling during my troubleshooting:
ACCOUNT_EMAIL_REQUIRED = True
ACCOUNT_EMAIL_VERIFICATION = "mandatory"
ACCOUNT_EMAIL_SUBJECT_PREFIX = "[{myappname}] "
ACCOUNT_LOGIN_ATTEMPTS_LIMIT = {number}
ACCOUNT_LOGIN_ATTEMPTS_TIMEOUT = {number}
ACCOUNT_LOGIN_ON_EMAIL_CONFIRMATION = False
ACCOUNT_LOGOUT_ON_PASSWORD_CHANGE = True
ACCOUNT_LOGOUT_REDIRECT_URL = "/"
SOCIALACCOUNT_EMAIL_REQUIRED = ACCOUNT_EMAIL_REQUIRED
And for production (again, have tried toggling these):
SECURE_CONTENT_TYPE_NOSNIFF = True
SECURE_BROWSER_XSS_FILTER = True
SECURE_SSL_REDIRECT = True
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
CSRF_COOKIE_HTTPONLY = True
X_FRAME_OPTIONS = 'DENY'
I've also tried refreshing the auth keys. Any ideas of what I'm doing wrong?
Taking e4c5's suggestion, I turned on debug in the production environment. This quickly lead to this question: Django: SocialApp matching query does not exist and the problem being with my SITE_ID configuration.
Late to the party here but you can try running a migration on Heroku.
heroku run python manage.py migrate
Im trying to create a 404 custom template , i set DEBUG=False in my local settings.py, and set allowed host like this:
ALLOWED_HOST=['127.0.0.1', 'localhost']
But i still get this when i try to run server:
CommandError: You must set settings.ALLOWED_HOSTS if DEBUG is False.
Any idea ?
ALLOWED_HOSTS must be set. Not ALLOWED_HOST