ALLOWED_HOSTS setting missing¶
In Django, you need to properly set the
ALLOWED_HOSTS setting when
DEBUG = False. This is a security mechanism. It prevents attackers from poisoning caches or password reset emails with links to malicious hosts by submitting requests with a fake HTTP Host header, which is possible even under many seemingly-safe web server configurations.
ALLOWED_HOSTS not set or empty, when
DEBUG = False.
""" settings.py """ DEBUG = False # ... ALLOWED_HOSTS = 
Make sure, an appropriate host is set in ALLOWED_HOSTS, whenever DEBUG = False.
DEBUG = False # ... ALLOWED_HOSTS = ['djangoproject.com']