You May Need to Add ‘’ to allowed_hosts

It sounds like you are trying to set up a Django project and are encountering an error related to the ALLOWED_HOSTS setting.

In Django, the ALLOWED_HOSTS the setting is a list of host names that are valid for this site. When Django receives a request, it checks the Host header against this list to ensure that the request is legitimate. This helps prevent an attacker from poisoning the cache by submitting a request with a forged Host header.

If you are seeing an error that says that you need to add ‘’ to ALLOWED_HOSTS, it means that Django is receiving a request with a Host a header that includes the value ‘’ (which is the loopback address for the local host), but this value is not in the ALLOWED_HOSTS list.

To fix this error, you will need to add ‘’ to the ALLOWED_HOSTS list in your Django settings. The ALLOWED_HOSTS setting is typically found in the file of your Django project.

For example:

ALLOWED_HOSTS = ['', 'localhost']

Once you have added ‘’ to the ALLOWED_HOSTS list, you should be able to run your Django project without encountering this error.

Few more things you might want to know about the ALLOWED_HOSTS setting in Django:

  • In addition to host names, you can also include domain names and IP addresses in the ALLOWED_HOSTS list. For example:
ALLOWED_HOSTS = ['', 'localhost', '', '']
  • If you are running Django in production, it is important to set ALLOWED_HOSTS it to a list of host names that are valid for your site. This will help prevent attackers from forging requests to your site and potentially causing damage.
  • By default, Django will raise a SuspiciousOperation exception if the Host the header of an incoming request does not match any of the values in ALLOWED_HOSTS. You can customize this behavior by setting the SECURE_HOST_REDIRECT and SECURE_HOST_FAIL_REDIRECT settings.
  • If you are testing your Django project on your local machine and you are seeing the error “You may need to add ‘′ to ALLOWED_HOSTS”, it is probably because you are running the development server with the runserver command and have not set ALLOWED_HOSTS. In this case, you can either set ALLOWED_HOSTS to include ‘’ or use the --allow-hosts flag to allow any host header.

I hope this additional information is helpful! Let me know if you have any more questions.

If you have questions and opinions please share them in the comment box.

Leave a Comment