I am trying to make sure that my site is properly protected from showing the details of the error in production.
I've been struggling with this for a while, as at beginning I understood that in order to avoid Django from showing the error (module, line of code, etc.) all that was needed was changing DEBUG from True to False in settings.py.
However, I realized that Django was still showing error details, so investigating a bit more and I came to know that the following was also needed:
TEMPLATE_DEBUG = DEBUG in settings.py
404.html and 500.htmlinside the templates folder
Is there anything else needed to make sure that the user does not get those messages?
And how does Django deal with the other kind of errors, like 400? I saw here that there are handlers for 400 and 403, but I do not understand it and I don't know if they are needed at all for a basic using case.
If DEBUG is False, Django doesn't show error details to the user. If it did in your case, the most likely explanations are either that it's not using the settings.py file you think it's using (in which case you should check the Python path, the directory from which you run manage.py, and the value of DJANGO_SETTINGS_MODULE), or that you did not restart Gunicorn/uWSGI/Apache after you made the change to settings.py (Django does not restart itself automatically in production like it does in development).
As for 400 and 403, just leave the Django defaults. If Django receives a bad request (unlikely in production, because this will usually be caught by Apache or nginx), it will call bad_request() which will just show a "400 bad request" to the user. Likewise for other errors.
Related
I am getting Error DisallowedHost at /
Invalid HTTP_HOST header: `'subdomain.example.com'`. You may need to add 'subdomain.example.com' to ALLOWED_HOSTS.
in my Django project which is deployed on IIS Windows server. Sometimes it works fine and sometimes it throws an error. Even I have set DEBUG = False. I got an error page as it appears in DEBUG = True mode.
Sometimes It works fine, and sometimes it throws an error. I have already added my subdomain i .e (subdomain.example.com) in ALLOWED HOSTS in settings.py.
Please help me to solve this problem permanently.
You need to set
ALLOWED_HOSTS = ['localhost', '127.0.0.1', 'yourdomain.com']
in the settings file, basically every domain you are going to run your web app from needs to be in this ALLOWED_HOSTS, I would suggest you to make a different settings file for development, production etc.
I have a django web app on A2hosting, where I am using .htaccess files and passenger_wsgi.py. It was working fine the last time I touched it, but then someone who had a look at it later informed me that it was broken.
I created a test situation to find the problem and here's the gist of it.
When I do a GET (to www.geo4ce.com/quiz/test_weird/), it goes to a page with a simple form that just has one input and a submit and an action that has "/quiz/test_weird/" and method="post". When I submit the form, the server expects the "quiz" part of the url to be referring to a path on the file server, can't find it and then logs an error that it can't find it. But, then it checks the test_weird part of the url against my django urls.py file, finds a different view for that and displays it.
A scenario that almost works properly is with www.geo4ce.com/quiz/test_hacked/, that has the same set up, except the form has action = "/anythinghere/quiz/test_hacked/". In this case, the "anythinghere" part of the url gets an error logged, since it doesn't exist on the file server, and then the /quiz/test_hacked/ part of the url works normally to get back to the original web page.
Anyone have any idea how I might be able to fix or debug this?
[EDIT]
I don't think it's the .htaccess file that's the cause. It looks something like this.
PassengerEnabled On
PassengerAppRoot /path/to/app/folder/
# Prevent Apache from serving .htaccess files:
<FilesMatch "^\.htaccess">
Order allow,deny
Deny from all
</FilesMatch>
deny from xxx.yyy.zzz
Apparently the issue is caused by a certain version of Passenger (with RoR). I've been told to switch to using FCGI.
When I attempt to access particular pages of my application on the django development server, the server suddenly quits with no error message, leaving the browser with a "Error 324 (net::ERR_EMPTY_RESPONSE)"
What kind of thing could I have done in the code that would cause the development server to suddenly quit with no error messages?
The GET request that triggers the server to quit is not logged. For example, after starting the server and attempting a GET of one of the problem pages, my command line looks like this:
(mysite)01:25 PM benjamin ~/projects/mysite $ runserver
Validating models...
0 errors found
Django version 1.3.1, using settings 'mysite.settings'
Development server is running at http://127.0.0.1:8000/
Quit the server with CONTROL-C.
(mysite)01:28 PM benjamin ~/projects/mysite $
I'm running django 1.3.3 in a virtualenv using Python 2.6
I found this because I was encountering a similar problem. It turned out I was running out of memory. Figured I would mention it on the off chance that it helps someone.
The bus error can happen when you're trying to extend a template with another template that has the same filename and relative path.
Example
Let's say you want to use your own poll.html template for the voting app, but to reuse as much as possible, you extend from the original poll.html:
<!-- myapp/templates/voting/poll.html -->
{% extends 'voting/poll.html' %}
<!-- Trying to extend from 'voting/templates/voting/poll.html' -->
...
This will give you the bus error, because the template is extending "itself", even though that's not what you're trying to do.
Your own voting/poll.html is shadowing the original poll.html from the voting app, which will never be found
myproject/myapp/templates/voting/poll.html
myproject/voting/templates/voting/poll.html <-- you cannot extend from this
I haven't found a general solution to this, but I ran into the problem trying to customize the admin app's index.html and for that there is a solution (See below).
Customizing the "admin" app
I got the "bus error" when trying to customize the index.html in the admin app, and extending from the original admin/index.html. The solution to that specific problem is described here: How to override and extend basic Django admin templates? – you name your own admin/index.html something else, in order to extend from the original admin/index.html
I am having problems logging in my Django project.
In my view.py in an "application" I am doing the following:
import logging
logging.basicConfig(filename="django.log",level=logging.DEBUG)
def request(request):
logging.debug("test debugging")
with a django.log file in the same directory as the view.py file.
Now when making a request from the browser I keep getting a 500 Internal Server error as shown in Firebug. I can get logging to work just fine when I simply run it through the interactive python shell or executing it from a .py file like the following:
import logging
logging.basicConfig(filename="django.log",level=logging.DEBUG)
def testLogging():
logging.debug("test debugging")
if __name__ == "__main__"
testLogging()
, and then executing python nameOfFile.py.
What am I doing wrong? I am running Django 1.1.1 and Python 2.6.5. Maybe I should upgrade Django?
Could it be related to permissions? I can imagine that in a web-server environment, writing to a file may be restricted. In truth, I don't know, but please check the official Django logging documentation - it uses the standard logging module, but you may have to configure it differently.
Is that your entire view? It would have been helpful to post the actual traceback, but note that a view must return an HttpResponse, even if it's an empty one. So if that is your entire view, the 500 error is probably happening because you're not returning anything.
Add return HttpResponse() to the end of that view, and if that still doesn't work, please post the traceback itself.
asked this question over the weekend, but for some reason all replies have died. started it again as i now have new information
when i restart apache on my vps, i get
the model "category" is already registered
from init.py
i think this is because the object is getting discovered and registered twice.
i didn't think this would be an issue, it isn't in dev where i don't get these errors. also, i dont get the error the first time i run the server after a syncdb.
so upload code, syncdb, start apache, no error message. restart apache and the error message appears.
i can hide it, by commenting out the line that registers the model, but this means that the object doesn't appear in admin unless i uncomment the line and upload it after the admin site has loaded the first time.
this only appears to happen the first time after an apache reset, doesn't happen subsequent times.
anyone come across this before? using apache with mod_wsgi on debian, django 1.2.3
The error message suggests that model registration code is being repeated. Are you registering your models in the models.py file? The recommended way is to write a separate admin.py file to register the models.
This can be due to the order with which you have subclassed other models. For instance, if you subclass both Django-polymorphic's PolymorphicModel and another model, e.g., Django-extensions' TimeStampedModel, you need to subclass PolymorphicModel first or it will raise this error:
class MyClass(TimeStampedModel, PolymorphicModel): # Raises error
class MyClass(PolymorphicModel, TimeStampedModel): # Does not raise error