DisallowedHost at /login and Forbidden (CSRF token missing or incorrect.) problems

DisallowedHost at /login
Invalid HTTP_HOST header: '192.168.1.37:8000'. You may need to add '192.168.1.37' to ALLOWED_HOSTS.
Request Method: GET
Request URL: http://192.168.1.37:8000/login
Django Version: 2.2.7
Exception Type: DisallowedHost

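When this error occurs, the first method is to turn off CSRF protection by commenting out the third line of the MIDDLEWARE setting in settings. Note that the line commented out below is CommonMiddleware; CsrfViewMiddleware stays enabled.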

MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    # 'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
]

Django then reports the following error:
Forbidden (CSRF token missing or incorrect.)

To fix it, add {% csrf_token %} inside the form:

<form method="post" action="/login_check">
    {% csrf_token %}
    用户名:<input type="text" name="username"><br>
    密码:<input type="password" name="password"><br>
    <input type="submit" value="登录">
</form>

Principle:
when the page is rendered, {% csrf_token %} is replaced with a hidden form field;
the server stores a cookie named csrftoken in the browser;
when the form is submitted, the server compares the two values: if they match, CSRF verification passes, otherwise it fails.
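
The comparison described above, as an added example (not code from the original post and not Django's own source): a stand-alone sketch modelled on the masked-token scheme Django 2.x uses, where the cookie and the hidden field are different strings that unmask to the same secret. All function names here are made up for the illustration.

```python
import hmac
import secrets
import string

CHARS = string.ascii_letters + string.digits  # 62-symbol alphabet
SECRET_LEN = 32                               # token = 32 salt chars + 32 masked chars

def new_secret():
    """Random secret; the cookie and the form field must both encode this value."""
    return "".join(secrets.choice(CHARS) for _ in range(SECRET_LEN))

def mask(secret):
    """Return salt + (secret shifted by salt); the result differs on every call."""
    salt = new_secret()
    shifted = "".join(
        CHARS[(CHARS.index(s) + CHARS.index(k)) % len(CHARS)]
        for s, k in zip(secret, salt)
    )
    return salt + shifted

def unmask(token):
    """Recover the secret from a masked token, or None if it is malformed."""
    if len(token) != 2 * SECRET_LEN or any(c not in CHARS for c in token):
        return None
    salt, shifted = token[:SECRET_LEN], token[SECRET_LEN:]
    return "".join(
        CHARS[(CHARS.index(c) - CHARS.index(k)) % len(CHARS)]
        for c, k in zip(shifted, salt)
    )

def csrf_check(cookie_value, form_value):
    """True only if the cookie and the hidden field carry the same secret."""
    a, b = unmask(cookie_value or ""), unmask(form_value or "")
    if a is None or b is None:
        return False  # missing or malformed token: the request is rejected
    return hmac.compare_digest(a, b)  # constant-time comparison

if __name__ == "__main__":
    secret = new_secret()
    cookie = mask(secret)  # value sent to the browser as the csrftoken cookie
    field = mask(secret)   # value rendered into the form by {% csrf_token %}
    print("strings differ:", cookie != field)
    print("same secret, accepted:", csrf_check(cookie, field))
    print("tag left out of the form:", csrf_check(cookie, None))
    print("token from another session:", csrf_check(cookie, mask(new_secret())))
```

Because only the unmasked secrets are compared, a page on another origin that cannot read the csrftoken cookie has nothing valid to put in the hidden field.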

However, turning off CSRF is not safe. Alternatively, undo the commented-out line in settings and change ALLOWED_HOSTS = [''] to
ALLOWED_HOSTS = ['*']

This allows all hosts. Adding your own computer's IP address to ALLOWED_HOSTS instead of '*' also works, and it is the narrower choice, since '*' switches off Host header validation altogether.


Origin blog.csdn.net/mengzh620/article/details/103041616