[SOLVED] Why do I get a server side HTTP 400 error when I try to access my django server with my mobile phone?

Why do I get a server side HTTP 400 error when I try to access my django server with my mobile phone?

I have set up a simple, local running django server which provides buttons to trigger some bash commands on the server (currently my MacBook Pro). The output of these commands is then displayed on the website.

Anyways: The website is working fine as long as I access it from the DuckDuckGo Browser on my MacBook. I also tried with the Brave Browser installed on my Desktop PC - works fine.

Now, as I try to access the website from my iPhone, a connection is established, the buttons are working and also, the text on the buttons disappeared. But more importantly, I get a strange error on the server inside the console which is running the server. The error says:

[26/Apr/2024 11:33:04] code 400, message Bad request version ('p¤\x99é4rÙu*\x08\x8dÎ\x06¨A©\x06\x8f?l\x19\x9fz\x97\x00,êê\x13\x01\x13\x02\x13\x03À,À+Ì©À0À/Ì¨À')

[26/Apr/2024 11:33:04] You're accessing the development server over HTTPS, but it only supports HTTP.

Using WireShark, I compared the package traffic between the iPhone and the server, and between the desktop / macbook and the server.

It was obvious that the phone tries to use HTTPS / TLS to connect to the server while the desktop / macbook connect using HTTP. But as this fails, the TLSv1 package contains the following alert message:

Alert Message: Level: Fatal (2) Description: Protocol Version (70)

So that means that there is no TLS support on the server side. But that is not something I want to achieve in the first place. I just want to connect to the server using HTTP.

But as I try to do that by specifically typing “http://192.168.1.123:8000/home (ip of the server) inside the address bar on my phone, it still seems to try to establish a connection using HTTPS / TLS, even though it says “http://…” inside the address bar.

After some further research I found that especially mobile browsers may use something called HTST (HTTP Strict Transport Security) to prevent security risks as mobile phones tent to be used in more un-secure environments than a Desktop PC, such as public WiFis and so on.

Now my questions are:

What can I do in order to be able to use my Django website with my mobile phone without it trying to use HTTPS / TLS connections?
Is the research I have done the right approach to solving this error or is there something I have missed out on?

Last thing: On my phone, I also use the DuckDuckGo Browser, but I also tried with Safari which didn’t work either.

Solution

Can you verify that you have this things

ALLOWED_HOSTS=["*"] desktop and mobile should be on the theme wi-fi and server running on 0.0.0.0