5

I've developed my own website on Django for a while, and today I started to learn how to deploy it. I added this to my settings.py:

SECURE_SSL_REDIRECT = True,

This caused the development server to stop working properly, with this error message: 

[13/Jan/2018 16:56:49] code 400, message Bad request syntax ('\x16\x03\x01\x00À\x01\x00\x00¼\x03\x03ßà\x84¼+Jnßþn-ñ\x88ý©vAþK\x83¤²êT\x86\x0b.\x8em\x0b:â\x00\x00\x1cÚÚÀ+À/À,À0̨̩À\x13À\x14\x00\x9c\x00\x9d\x00/\x005\x00')
[13/Jan/2018 16:56:49] code 400, message Bad HTTP/0.9 request type ('\x16\x03\x01\x00À\x01\x00\x00¼\x03\x03\x87')
[13/Jan/2018 16:56:49] You're accessing the development server over HTTPS, but it only supports HTTP.

[13/Jan/2018 16:56:49] You're accessing the development server over HTTPS, but it only supports HTTP.

[13/Jan/2018 16:56:49] code 400, message Bad request version ('JJÀ+À/À,À0̨̩À\x13À\x14\x00\x9c\x00\x9d\x00/\x005\x00')
[13/Jan/2018 16:56:49] You're accessing the development server over HTTPS, but it only supports HTTP.

Why has my server stopped working properly?

Note that when I changed the setting back to SECURE_SSL_REDIRECT = False, the problem didn't go away.

Sahand
  • 7,980
  • 23
  • 69
  • 137

4 Answers4

19

You configured your django site to enforce https by setting SECURE_SSL_REDIRECT = True - which is very good idea for a production setup.

If you set the SECURE_SSL_REDIRECT setting to True, SecurityMiddleware will permanently (HTTP 301) redirect all HTTP connections to HTTPS.

For this reason (and also others) you usually have separate settings for development and produciton. There are a few things that nearly always differ.

Read this to get known to some approches on how to deal with it: Django: How to manage development and production settings?

NOTE

If your browser received 301 once from your site - changing the setting back might have no direct effect, as the browser cached the target URL and does not send a request on HTTP. You need to clear or disable your browsers cache in that case.

dahrens
  • 3,879
  • 1
  • 20
  • 38
  • Okay, will check it out. Now that the damage is done, is there any way to reverse it? I obviously don't want this problem in my development environment. Ideally I'd like to make middleware "forget" about the setting I changed and then follow the answer you linked to. – Sahand Jan 13 '18 at 18:27
  • You did not do any damage - you only changed a configuration. Change it back to `SECURE_SSL_REDIRECT = False`, when **developing locally**. – dahrens Jan 13 '18 at 18:30
  • I do, but the problem doesn't go away, that's what baffles me. I change to `SECURE_SSL_REDIRECT = False`, but I get the same error with the same message as I specified in the question. Well not EXACTLY the same message. See my edit for the exact message. – Sahand Jan 13 '18 at 18:31
  • 3
    Have you disabled/cleared your browsers cache? Usually a browser after receiving 301 from a server for a long time do not ask anymore and just redirect to whatever target (because the server told him so). As a quick test you might use another browser. – dahrens Jan 13 '18 at 18:44
11

The browser has cached the http->https redirect from the previous request when it was working with SECURE_SSL_REDIRECT=True.

Turning it off server side will not effect that cached redirect.

You can selectively clear that for your dev server's url/ip (not everything in the browser cache) and get things working by:

  1. Shutdown your Django dev server
  2. Go to http://127.0.0.1:8000 - it will give you a 404
  3. Open up Chrome's dev tools
  4. Click and hold on the "Reload" button
  5. Select: "Empty Cache & Hard Reload"
  6. Restart Django dev server
  7. Hit http://127.0.0.1:8000 again
adnantium
  • 141
  • 1
  • 4
0

If you are part of a team, you can use a variable to set the development environment. for e.g. DJANGO_DEV=development

After that you can check, if current environment is a DEV env and set the specific values.

Read more about this approach on this answer

mmsilviu
  • 1,211
  • 15
  • 25
0

You might try editing your Edit Configuration and run the server on a different port. In pycharm I changed run -> edit_configurations -> host = 127.0.0.1, Port = 8001.

I then reran the Python Interpreter and it launched again in a new browser without the https. You might need to first change the settings options to select SECURE_SSL_REDIRECT = False in your local_settings or settings.

CosmoRied
  • 876
  • 2
  • 10
  • 8