Django says my development server doesn't support HTTPS, even though I've disabled it

I've developed my own website on Django for a while, and today I started to learn how to deploy it. I added this to my settings.py:

SECURE_SSL_REDIRECT = True,

This caused the development server to stop working properly, with this error message:

[13/Jan/2018 16:56:49] code 400, message Bad request syntax ('\x16\x03\x01\x00À\x01\x00\x00¼\x03\x03ßà\x84¼+Jnßþn-ñ\x88ý©vAþK\x83¤²êT\x86\x0b.\x8em\x0b:â\x00\x00\x1cÚÚÀ+À/À,À0̨̩À\x13À\x14\x00\x9c\x00\x9d\x00/\x005\x00')
[13/Jan/2018 16:56:49] code 400, message Bad HTTP/0.9 request type ('\x16\x03\x01\x00À\x01\x00\x00¼\x03\x03\x87')
[13/Jan/2018 16:56:49] You're accessing the development server over HTTPS, but it only supports HTTP.

[13/Jan/2018 16:56:49] You're accessing the development server over HTTPS, but it only supports HTTP.

[13/Jan/2018 16:56:49] code 400, message Bad request version ('JJÀ+À/À,À0̨̩À\x13À\x14\x00\x9c\x00\x9d\x00/\x005\x00')
[13/Jan/2018 16:56:49] You're accessing the development server over HTTPS, but it only supports HTTP.

Why has my server stopped working properly?

Note that when I changed the setting back to SECURE_SSL_REDIRECT = False, the problem didn't go away.

1 answer

  • answered 2018-01-13 18:24 dahrens

    You configured your django site to enforce https by setting SECURE_SSL_REDIRECT = True - which is very good idea for a production setup.

    If you set the SECURE_SSL_REDIRECT setting to True, SecurityMiddleware will permanently (HTTP 301) redirect all HTTP connections to HTTPS.

    For this reason (and also others) you usually have separate settings for development and produciton. There are a few things that nearly always differ.

    Read this to get known to some approches on how to deal with it: Django: How to manage development and production settings?

    NOTE

    If your browser received 301 once from your site - changing the setting back might have no direct effect, as the browser cached the target URL and does not send a request on HTTP. You need to clear or disable your browsers cache in that case.