Error "You're accessing the development server over HTTPS, but it only supports HTTP"

Question

When I try to write the server link like http:// .... it redirects to https:// and in the terminal :

message Bad HTTP/0.9 request type ('\x16\x03\x01\x00\x8b\x01\x00\x00\x87\x03\x01Ð\x118¿JÄ\x19[Òç\x01<O')
You're accessing the development server over HTTPS, but it only supports HTTP.

May be overly simplistic, but I got this issue randomly when recovering my laptop from sleep and just restarting the computer solved the problem — Michael Murphy, Oct 05 '19 at 12:10
after adding SESSION_COOKIE_SECURE = False CSRF_COOKIE_SECURE = False SECURE_SSL_REDIRECT = False I had to do this trick to make it work: - restart computer - clear cache and cookies - access http://127.0.0.1:800 then access http://127.0.0.1:8000 again. Hope this helps. — Huy Than, Oct 21 '19 at 18:01

score 35 · Accepted Answer · answered Jan 03 '17 at 13:33

I think you should create different settings.py ( base_settings.py, local_settings.py, production_settings.py). And in your settings.py do something like this:

import socket
if socket.gethostname()=="Raouf-PC":
    from local_settings import *

Change 'Raouf-PC' to the hostname of your PC.

P:S: I'm using Windows 10.

After doing that place the below data in your production_settings.py and save. Then clear your browser cache and visit your site in development server.

SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
SECURE_SSL_REDIRECT = True

If the above doesn't suit your needs, then in your local_settings.py paste the below data, save and clear your browser cache and visit your site.

SESSION_COOKIE_SECURE = False
CSRF_COOKIE_SECURE = False
SECURE_SSL_REDIRECT = False

Note: at the beginning of production_setttings.py and local_settings.py put:

from base_settings.py import *

Your base settings should contain 'settings' that will be used both on local and production server so you won't be repeating it everytime.

P:S If my answer is accepted, I dedicate it to the good people on SO who have helped me in one way or the other. This is my first time of answering a question. I hope to do more in the future. :)

This prevents the problem. It does not solve it completely. Chrome and Firefox seem to remember settings for a certain page. Once this error occurs you can add these changes but you probably need to clear your browser caches as well. — Soren, Nov 30 '18 at 00:08
It's not the best practice. Django app will expect that your computer is named as `Raouf-PC`. Other team members's laptops are named differently. Thus this condition won't work — zshanabek, Oct 19 '20 at 13:08

Iain Shelvington · Answer 2 · 2016-08-28T17:46:21.897

19

You probably have the setting SECURE_SSL_REDIRECT set to True

This setting should be False when running the development server

edited Aug 28 '16 at 17:46

answered Feb 21 '16 at 13:53

Iain Shelvington

26,159
1
24
40

1

This helped me access my site but I do want to access the site through https. – Justin Harris Aug 23 '16 at 04:02
4

@JustinHarris to access your site over https you need to run the site through a server, NGINX + uWSGI or Apache + mod_python are two popular choices – Iain Shelvington Aug 28 '16 at 17:49
Thanks Iain, actually I'm using pythonanywhere.com and it's pretty easy. – Justin Harris Aug 29 '16 at 03:52
2

@SalahAdDin try clearing your cache. most browsers once they find out about the https version will keep trying to connect to that. – Harry Moreno Oct 22 '19 at 17:48

score 11 · Answer 3 · answered Apr 06 '20 at 19:17

11

Instead of using the command

python manage.py runserver

I used

python manage.py runserver 8080

Just by changing the port number, it is working for me.

answered Apr 06 '20 at 19:17

Deepak G

514
5
9

score 8 · Answer 4 · answered Jul 11 '18 at 13:20

8

CORS_REPLACE_HTTPS_REFERER      = False
HOST_SCHEME                     = "http://"
SECURE_PROXY_SSL_HEADER         = None
SECURE_SSL_REDIRECT             = False
SESSION_COOKIE_SECURE           = False
CSRF_COOKIE_SECURE              = False
SECURE_HSTS_SECONDS             = None
SECURE_HSTS_INCLUDE_SUBDOMAINS  = False
SECURE_FRAME_DENY               = False

1. Put this settings at the end of your settings.py
2. Clear your browser cache and then run your project.

answered Jul 11 '18 at 13:20

Akshay Tetwar

127
1
6

1

Setting (only) `SECURE_SSL_REDIRECT` to `False` and clearing the browser cache worked for me. – Mujeeb Sep 12 '19 at 07:20
@Mujeeb I tried this and it did not work for me... However, the settings above did make everything work fine. – GBeck Oct 28 '19 at 11:30

mmsilviu · Answer 5 · 2021-01-02T16:25:55.190

If you are part of a team, you can use a variable to set the development environment. I use DJANGO_DEV=development

for e.g., on the computer that will be used for development, you add this to your ~/.bashrc file:

export DJANGO_DEV=true

or you can use django-environ

After that you can check, if current environment is a DEV env and set the specific values.

import os

if os.environ.get('DJANGO_ENV') is not None:
    SECURE_SSL_REDIRECT = False
    SESSION_COOKIE_SECURE = False
    CSRF_COOKIE_SECURE = False
else:
    SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
    SECURE_SSL_REDIRECT = True
    SESSION_COOKIE_SECURE = True
    CSRF_COOKIE_SECURE = True

If there are multiple settings, that you can go and define specific files as described in @yoyo's answer.

score 1 · Answer 6 · answered Sep 17 '20 at 06:15

1

Simply change the path in your .env file to http://localhost:8000/

It worked for me. I'm using the Django backend and React frontend with the Django rest framework.

answered Sep 17 '20 at 06:15

Chaitanya Mogal

141
6

score 1 · Answer 7 · answered Feb 04 '22 at 12:48

1

Nothing above helped me so digged in setting.py and
changed this to ACCOUNT_DEFAULT_HTTP_PROTOCOL = "https"
this ACCOUNT_DEFAULT_HTTP_PROTOCOL = "http"
it fixed the problem for me hope it helps

answered Feb 04 '22 at 12:48

Furkan

31
5

score 0 · Answer 8 · answered Aug 02 '19 at 09:00

0

I also recommend to be sure that you are not trying access page by some port. For example by running Django server on PyCharm with some port.

answered Aug 02 '19 at 09:00

Rafał

512
4
20

Akhil S · Answer 9 · 2021-12-16T06:33:10.327

its clearly telling that you are accessing development server over https, but it only supports http.

usually we access development server like http://127.0.0.1:8000 but in your case its https://127.0.0.1:8000 as it's mentioned we cannot access development server over https.

I have gone through the same problem, but in my case when I was sending the email verification to gmail account, I was sending endpoint as https://127.0.0.1:8000/verify. https was used instead of http, so I corrected it to http then it worked fine.

score 0 · Answer 10 · answered Oct 31 '21 at 20:53

Insert the below configs at the end of your settings.py file or completely comment them out(if you already had)

SECURE_CONTENT_TYPE_NOSNIFF = False SECURE_BROWSER_XSS_FILTER = False SECURE_SSL_REDIRECT = False SESSION_COOKIE_SECURE = False CSRF_COOKIE_SECURE = False X_FRAME_OPTIONS = 'DENY'

then-, 2. Clear your browser cache and then re-run your project.

Error "You're accessing the development server over HTTPS, but it only supports HTTP"

10 Answers10

Linked