How to fix "You're accessing the development server over HTTPS, but it only supports HTTP." in Django?

but-it-only-supports-http-in-django.md

How to fix "You're accessing the development server over HTTPS, but it only supports HTTP." in Django?

Check the Django's site URL. It may have https.

Disable following variables in settings.py or .env

SECURE_CONTENT_TYPE_NOSNIFF = True
SECURE_BROWSER_XSS_FILTER = True
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
SECURE_SSL_REDIRECT = True
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
CSRF_TRUSTED_ORIGINS = ['yoursite.com']

Set DEBUG as True

DEBUG = True

Clear the Django site's(what you developed) cookies and sessions on the browser. For Google Chrome, steps are below.

Settings-> Privacy and Security -> Cookies and other site data -> See all cookies and site data -> Search your site name or IP and click 'Trash' icon.

Close the browser and reload the site now.

This didn't work for me

what about if want to use https. So, instead of disabling everything, I would prefer to know how to run server on https instead of http

@dgerok did you find a solution for your case?

@clebergriff
yes, thank you!

Do you mind sharing what you did? I am facing the same issue where I want it to run on https.

Sure
The below stack does not work locally.
I used Linode to deploy the app - they give a couple of months to try it for free. I created a Linode for Django with Linux
I had a temporary domain on azure.com

1. open setting.py of your project and find your secrete key (below "# SECURITY WARNING: keep the secret key used in production secret!")

• copy the secrete key into the text file, for example, 'key.txt'
• remove a secret key from the settings.py and put the code instead:
  with open('key.txt') as f: SECRET_KEY = f.read().strip()
• save this on the server

2. get a domain name (which should not be IP). It can even be, for example, dev.my_domain.azure.com
3. on the server side:
   source: https://realpython.com/django-nginx-gunicorn/

• install Gunicorn (pip3 install gunicorn)
• go to the application dir (in my case cd /var/www/DjangoApp)
• create configuration files: mkdir -pv config/gunicorn;
• fill in prod.py: vi gunicorn/prod.py

import multiprocessing

wsgi_app = "project.wsgi:application"                # Django WSGI application path in pattern MODULE_NAME:VARIABLE_NAME
workers = multiprocessing.cpu_count() * 2 + 1 # The number of worker processes for handling requests
bind = "0.0.0.0:8000"                                       # The socket to bind
accesslog = "/var/log/gunicorn/access.log"        # Write access and error info to /var/log
errorlog = "/var/log/gunicorn/error.log"
capture_output = True                                     # Redirect stdout/stderr to log file
pidfile = "/var/run/gunicorn/prod.pid"              # PID file so you can easily fetch process ID
daemon = True                                                # Daemonize the Gunicorn process (detach & enter background)

• kill Django runserver, if it is running:
  ps -ef; kill XXXXX. where XXXXX - number of the process, which often looks like 192.168.111.111:80000 (IP is an example)
• go to the application dir (in my case cd /var/www/DjangoApp)
• show gunicorn the path to the Django secret key from the (1): source key.txt
  gunicorn -c config/gunicorn/prod.py

4. install nginx (this is needed for HTTPS) on your server side
   sources: https://letsencrypt.org/getting-started/, https://certbot.eff.org/
   apt update; apt install nginx
5. setup nginx

• add your domain as a file into (file name is domain-like: "dev.my_domain.azure.com"):

cat > /etc/nginx/sites-available/dev.my_domain.azure.com
cat > /etc/nginx/sites-enabled/dev.my_domain.azure.com

• add to /etc/nginx/sites-available/dev.my_domain.azure.com:

server_tokens             off;

# Use site-specific access and error logs
access_log                /var/log/nginx/supersecure.access.log;
error_log                 /var/log/nginx/supersecure.error.log;

# Return 444 status code & close connection if no Host header present
server {
  listen                  80 default_server;
  return                  444;
}

# Redirect HTTP to HTTPS
server {
  server_name            dev.my_domain.azure.com;
  listen                  80;
  return                  307 https://$host$request_uri;
}

server {

  # Pass on requests to Gunicorn listening at http://localhost:8000
  location / {
    proxy_pass            http://localhost:8000;
    proxy_set_header      Host $host;
    proxy_set_header      X-Forwarded-Proto $scheme;
    proxy_set_header      X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_redirect        off;
  }

  # Serve static files directly !!! USE YOUR STATIC PATH
  location /static {
    autoindex             on;
    alias                 /var/www/DjangoApp/my_app/static
  }
}

• add into /etc/nginx/nginx.conf the following code:
  include /etc/nginx/sites-enabled/*;
• check nginx configuration by running a command:
  service nginx configtest /etc/nginx/sites-available/dev.my_domain.azure.com

6. get a certificate to run https with certbot

• install snapd on the server side

apt install snapd;
snap install core;
snap refresh core;

• install certbot on the server side:
  snap install --classic certbot
• connect certbot to nginx:
  certbot --nginx
• answer 'yes', where needed and choose your domain from the list. usually it is 1
• restart nginx

Thank you very much @dgerok ! That helped me setting up on AWS EC2

Still having this issue when setting up asgi