55

SSL connection

When I try to write the server link like http://..., it redirects to https://, and in the terminal:

message Bad HTTP/0.9 request type ('\x16\x03\x01\x00\x8b\x01\x00\x00\x87\x03\x01Ð\x118¿JÄ\x19[Òç\x01<O')
You're accessing the development server over HTTPS, but it only supports HTTP.
Forge
A.Raouf
  • May be overly simplistic, but I got this issue randomly when recovering my laptop from sleep and just restarting the computer solved the problem – Michael Murphy Oct 05 '19 at 12:10
  • 3
    after adding SESSION_COOKIE_SECURE = False CSRF_COOKIE_SECURE = False SECURE_SSL_REDIRECT = False I had to do this trick to make it work: - restart computer - clear cache and cookies - access http://127.0.0.1:800 then access http://127.0.0.1:8000 again. Hope this helps. – Huy Than Oct 21 '19 at 18:01
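The bytes quoted in the error message are the start of a TLS handshake, which is why the plain-HTTP development server cannot parse them as a request line. The following is an added example, not part of the original question or answers; it decodes the leading bytes from the log above (the function and constant names are hypothetical):

```python
import struct

# Bytes quoted in the "Bad HTTP/0.9 request type" message above (leading part only).
LOGGED_PREFIX = b"\x16\x03\x01\x00\x8b\x01\x00\x00\x87\x03\x01"

TLS_HANDSHAKE_RECORD = 0x16
CLIENT_HELLO = 0x01
HTTP_METHODS = (b"GET ", b"HEAD ", b"POST ", b"PUT ", b"PATCH ", b"DELETE ", b"OPTIONS ")


def classify_first_bytes(data: bytes) -> dict:
    """Classify the first bytes a client sent to a plaintext HTTP port."""
    if data.startswith(HTTP_METHODS):
        return {"kind": "http"}
    # TLS record header: content type (1) | version major, minor (2) | length (2)
    if len(data) < 5 or data[0] != TLS_HANDSHAKE_RECORD or data[1] != 0x03:
        return {"kind": "unknown"}
    _ctype, major, minor, record_len = struct.unpack("!BBBH", data[:5])
    info = {"kind": "tls-handshake", "record_version": (major, minor),
            "record_length": record_len}
    body = data[5:]
    if len(body) >= 4:
        # Handshake header: message type (1) | length (3, big-endian)
        info["client_hello"] = body[0] == CLIENT_HELLO
        info["handshake_length"] = int.from_bytes(body[1:4], "big")
    if len(body) >= 6:
        # A ClientHello body starts with the client's legacy version field
        info["client_version"] = (body[4], body[5])
    return info


if __name__ == "__main__":
    print(classify_first_bytes(LOGGED_PREFIX))
    print(classify_first_bytes(b"GET / HTTP/1.1\r\nHost: 127.0.0.1:8000\r\n\r\n"))
```

A handshake record carrying a ClientHello on the HTTP port means the browser chose https:// itself, typically from a cached redirect or a link that hard-codes the scheme, so the fix belongs in the settings or the browser state rather than in the server.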

13 Answers

40

I think you should create different settings files (base_settings.py, local_settings.py, production_settings.py). And in your settings.py do something like this:

import socket
if socket.gethostname()=="Raouf-PC":
    from local_settings import *

Change 'Raouf-PC' to the hostname of your PC.

P.S.: I'm using Windows 10.

After doing that place the below data in your production_settings.py and save. Then clear your browser cache and visit your site in development server.

SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
SECURE_SSL_REDIRECT = True

If the above doesn't suit your needs, then in your local_settings.py paste the below data, save and clear your browser cache and visit your site.

SESSION_COOKIE_SECURE = False
CSRF_COOKIE_SECURE = False
SECURE_SSL_REDIRECT = False

Note: at the beginning of production_settings.py and local_settings.py put:

# Import by module name, without the .py extension
from base_settings import *

Your base settings should contain 'settings' that will be used both on local and production server so you won't be repeating it every time.

P.S. If my answer is accepted, I dedicate it to the good people on SO who have helped me in one way or the other. This is my first time of answering a question. I hope to do more in the future. :)

smack
  • 3
    This prevents the problem. It does not solve it completely. Chrome and Firefox seem to remember settings for a certain page. Once this error occurs you can add these changes but you probably need to clear your browser caches as well. – Soerendip Nov 30 '18 at 00:08
  • It's not the best practice. Django app will expect that your computer is named as `Raouf-PC`. Other team members' laptops are named differently. Thus this condition won't work – zshanabek Oct 19 '20 at 13:08
  • Not working. Does this work in django 4.2? – Jayesh Sep 18 '22 at 15:50
22

You probably have the setting SECURE_SSL_REDIRECT set to True

This setting should be False when running the development server

Iain Shelvington
17

Instead of using the command

python manage.py runserver

I used

python manage.py runserver 8080

Just by changing the port number, it is working for me.

Deepak G
8
CORS_REPLACE_HTTPS_REFERER      = False
HOST_SCHEME                     = "http://"
SECURE_PROXY_SSL_HEADER         = None
SECURE_SSL_REDIRECT             = False
SESSION_COOKIE_SECURE           = False
CSRF_COOKIE_SECURE              = False
SECURE_HSTS_SECONDS             = None
SECURE_HSTS_INCLUDE_SUBDOMAINS  = False
SECURE_FRAME_DENY               = False

1. Put these settings at the end of your settings.py
2. Clear your browser cache and then run your project.

Akshay Tetwar
  • 2
    Setting (only) `SECURE_SSL_REDIRECT` to `False` and clearing the browser cache worked for me. – Mujeeb Sep 12 '19 at 07:20
  • 1
    @Mujeeb I tried this and it did not work for me... However, the settings above did make everything work fine. – GBeck Oct 28 '19 at 11:30
3

If you are part of a team, you can use a variable to set the development environment. I use DJANGO_DEV=development

For example, on the computer that will be used for development, you add this to your ~/.bashrc file:

export DJANGO_DEV=true

or you can use django-environ

After that, you can check whether the current environment is a DEV env and set the specific values.

import os

# Any value of DJANGO_DEV (the variable exported above) selects the development settings
if os.environ.get('DJANGO_DEV') is not None:
    SECURE_SSL_REDIRECT = False
    SESSION_COOKIE_SECURE = False
    CSRF_COOKIE_SECURE = False
else:
    SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
    SECURE_SSL_REDIRECT = True
    SESSION_COOKIE_SECURE = True
    CSRF_COOKIE_SECURE = True

If there are multiple settings, then you can go and define specific files as described in @yoyo's answer.

mmsilviu
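An `is not None` test treats any value of the variable, including `false` or an empty string, as development and switches the secure settings off. The following is an added example, not the answer author's code, that parses the flag strictly and falls back to the secure values; the accepted spellings and function names are assumptions of this example:

```python
import os

# Assumption: DJANGO_DEV is the opt-in flag named in the answer above.
# The accepted spellings are this example's choice, not a Django convention.
DEV_VALUES = {"1", "true", "yes", "development"}


def is_dev(environ=os.environ) -> bool:
    """True only for an explicit opt-in; unset, empty or unknown means production."""
    return environ.get("DJANGO_DEV", "").strip().lower() in DEV_VALUES


def security_settings(environ=os.environ) -> dict:
    """Return the transport-security settings discussed on this page."""
    dev = is_dev(environ)
    settings = {
        "SECURE_SSL_REDIRECT": not dev,
        "SESSION_COOKIE_SECURE": not dev,
        "CSRF_COOKIE_SECURE": not dev,
    }
    if not dev:
        # As in the answer; only correct behind a proxy that sets this header.
        settings["SECURE_PROXY_SSL_HEADER"] = ("HTTP_X_FORWARDED_PROTO", "https")
    return settings


# In settings.py: globals().update(security_settings())

if __name__ == "__main__":
    # Constructed environments showing the fail-closed behaviour.
    for env in ({}, {"DJANGO_DEV": "false"}, {"DJANGO_DEV": ""}, {"DJANGO_DEV": "true"}):
        print(env, "->", security_settings(env)["SECURE_SSL_REDIRECT"])
```

Running `python manage.py check --deploy` against the production configuration reports when these settings are left disabled.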
1

Simply change the path in your .env file to http://localhost:8000/

It worked for me. I'm using the Django backend and React frontend with the Django rest framework.

Chaitanya Mogal
1

Nothing above helped me, so I dug into settings.py and changed this:
ACCOUNT_DEFAULT_HTTP_PROTOCOL = "https"
to this:
ACCOUNT_DEFAULT_HTTP_PROTOCOL = "http"
It fixed the problem for me. Hope it helps.

Furkan
1

In addition to the settings.py setup with SECURE_SSL_REDIRECT=False for development:

To fix the https redirecting for localhost:

  • Go to https://127.0.0.1:8000
  • Open developer mode in your browser
  • Disable cache on the Network tab
  • Update the page with http://127.0.0.1:8000
  • Enable cache

Or try Empty Cache and Hard Reload by right-clicking on the update icon in development mode in browser.

To open dev mode in Chrome use: Option + ⌘ + J (on macOS), or Shift + CTRL + J (on Windows/Linux)

flashdrag
1

I know this question is old and already solved, but here it is for anyone who has a problem (as was my case today):

In my case, I followed (partially) as Huy Than proposed, after having changed SECURE_SSL_REDIRECT, CSRF_COOKIE_SECURE and SESSION_COOKIE_SECURE to False, I only cleared the cache, restarted the IDE and the browser.

I corrected the error and was able to access my website.

HiroCereal
0

I also recommend making sure that you are not trying to access the page by some port. For example by running Django server on PyCharm with some port.

Rafał
0

It's clearly telling you that you are accessing the development server over https, but it only supports http.

Usually we access the development server like http://127.0.0.1:8000, but in your case it's https://127.0.0.1:8000. As it's mentioned, we cannot access the development server over https.

I have gone through the same problem, but in my case when I was sending the email verification to a gmail account, I was sending the endpoint as https://127.0.0.1:8000/verify. https was used instead of http, so I corrected it to http and then it worked fine.

Akhil S
0
  1. Insert the below configs at the end of your settings.py file or completely comment them out (if you already had)

    SECURE_CONTENT_TYPE_NOSNIFF = False
    SECURE_BROWSER_XSS_FILTER = False
    SECURE_SSL_REDIRECT = False
    SESSION_COOKIE_SECURE = False
    CSRF_COOKIE_SECURE = False
    X_FRAME_OPTIONS = 'DENY'

  2. Clear your browser cache and then re-run your project.

0

Check the Django site's URL. It may have https.

Disable the following variables in settings.py or .env

SECURE_CONTENT_TYPE_NOSNIFF = True
SECURE_BROWSER_XSS_FILTER = True
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
SECURE_SSL_REDIRECT = True
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
CSRF_TRUSTED_ORIGINS = ['yoursite.com']

Set DEBUG as True

DEBUG = True

Clear the Django site's (what you developed) cookies and sessions on the browser. For Google Chrome, steps are below.

Settings-> Privacy and Security -> Cookies and other site data -> See all cookies and site data -> Search your site name or IP and click 'Trash' icon.

Close the browser and reload the site now.