ssl error - You're accessing the development server over HTTPS, but it only supports HTTP

Hi Experts

I am working on a wagtail project(like django-cms) I get this error when I run python3 manage.py runserver 0.0.0.0:8000

 
code 400, message Bad request syntax 
  ('\x16\x03\x01\x00®\x01\x00\x00ª\x03\x03³\x06âP\x97Þ%<Sg\x13Ö×[zE\x96\x15?
  \x96\x00\x1ah')
  You're accessing the development server over HTTPS, but it only supports 
  HTTP.

Open in new window


I had changed SECURE_SSL_REDIRECT=FALSE and tested it still i get this same error. I had disabled cache in chrome.

 I had deactivated chorme caching in registry  by following steps.
Deactivate Chrome Cache in the Registry

Open Registry (Start -> Command -> Regedit)

Search for: HKEY_CLASSES_ROOT\ChromeHTML\shell\open\command

Change the part after ...chrom.exe" to this value: –disable-application- cache –media-cache-size=1 –disk-cache-size=1 — "%1"

Example: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" - disable-application-cache –media-cache-size=1 –disk-cache-size=1 — "%1"

I had also tried disable cache from chrome developer tools network -disable cache.

I had also tried by clearing cache from hsts on chrome.

I had also tried from incognito window on chrome. But still I get the same error

It is an Ubuntu machine on AWS(accessed by putty from windows pc).

I access from outside (windows pc - local pc )through http://54.23x.9x.17:8000 I am not able to resolve this error.


I had tried on some other machine.  I got the following error on console for Linux Ubuntu

it is changing to https instead of http and I got "GET / HTTP/1.1" 301 0 on console window


Please help me in resolving this error.

With Many Thanks, Bharath AK
LVL 1
Bharath A.KAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

gelonidaCommented:
This is strange. The error message really seems as if you typed
 https://54.23x.9x.17:8000 

Open in new window

instead of

 http://54.23x.9x.17:8000 

Open in new window


Can you open the debug window on your web browser and check (on Firefox for example F12 + click on the network tab and onreload)


Alternatively take any command line tool like curl / wget to simulate a request.
0
nociSoftware EngineerCommented:
not using the https everywhere plugin?
BTW, it is better for all parties to DO use HTTPS.
Cost is marginal, if using LetsEncrypt & Certbot for renewals. Esp. on Linux systems.
0
gelonidaCommented:
@Bharath A.K and noci
Yeah it could be something like an https everywhere plugin or perhaps a permanent redirect which was caught by the browser.
You could try to use another browser or an anonymous browser window or disable all plugins and delete all history for the given server.


@noci:

regarding HTTP instead of https

the django command
python3 manage.py runserver

Open in new window


is normally used to quickly launch a development server with automatic restart on source code change it is intentionally without HTTPS
and listens by default only on localhost for security reasons.
only by explicetely passing 0.0.0.0 it will listen on all interfaces.

@Bharath A.K

I don't know if the developement server contains sensitive data, but what you could do in order to avoid opening an HTTP port on 0.0.0 you could start the development server only on localhost and use ssh with local portforwarding to create a secured tunel between your PC and the remote server.

Alternatively you could hide the development server behind a reverse proxy.
But I don't know all the features / servers that are available on your AWS
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Defend Against the Q2 Top Security Threats

Were you aware that overall malware worldwide was down a surprising 42% from Q1'18? Every quarter, the WatchGuard Threat Lab releases an Internet Security Report that analyzes the top threat trends impacting companies worldwide. Learn more by viewing our on-demand webinar today!

Bharath A.KAuthor Commented:
Hi Gelonida and Noci,

       I am able to see the application from the browser.  

Steps I had done is do http get from postman for http://54.25x.9x.17:8000,  It was throwing few errors on postman.
Like missing environmental variables like creating facebook-id and providing search path etc.  Once I set the environment variables
It succeeding with 200 ok on postman.  Then I was able to see the application from incognito window on chrome.
Later it started working on normal window and disable cache on network tab with developer tools on chrome.

With Many Thanks,

Bharath AK
0
Bharath A.KAuthor Commented:
Hi All,

Thank you so much,  my thinking was to use only browser to check http calls.  From you suggestions, I realized I can do all http tasks in curl, wget and postman.  Thanks for your ideas.  It is really helpful to me

Kind Regards,

Bharath AK
0
Bharath A.KAuthor Commented:
Hi All,

The following lines of code in settings.py is causing the ssl error.  Once I commented the below lines.  the error vanished.  I dont know exactly which line was causing the error. Once I comment this out, ssl error vanished.

    SECURE_SSL_REDIRECT = True
    SESSION_COOKIE_SECURE = True
    CSRF_COOKIE_SECURE = True
    SECURE_HSTS_INCLUDE_SUBDOMAINS = True
    SECURE_HSTS_SECONDS = 86400
SECURE_CONTENT_TYPE_NOSNIFF = True
SECURE_BROWSER_XSS_FILTER = True

With many thanks,

Bharath AK
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Web Development

From novice to tech pro — start learning today.