<p><a href="https://docs.djangoproject.com/en/stable/ref/settings/#allowed-hosts" rel="noreferrer">^{<cd1>} list</a>应该包含完全限定的<em>主机名</em>,<strong>而不是<strong>url。去掉端口和协议。如果您使用的是<code>127.0.0.1</code>,我也会将<code>localhost</code>添加到列表中:</p>
<pre><code>ALLOWED_HOSTS = ['127.0.0.1', 'localhost']
</code></pre>
<p>您还可以使用<code>*</code>来匹配任何</em>宿主:</p>
<pre><code>ALLOWED_HOSTS = ['*']
</code></pre>
<p>引用文档:</p>
<blockquote>
<p>Values in this list can be fully qualified names (e.g. <code>'www.example.com'</code>), in which case they will be matched <strong>against the request’s <code>Host</code> header</strong> exactly (case-insensitive, <strong>not including port</strong>). A value beginning with a period can be used as a subdomain wildcard: <code>'.example.com'</code> will match <code>example.com</code>, <code>www.example.com</code>, and any other subdomain of <code>example.com</code>. A value of <code>'*'</code> will match anything; in this case you are responsible to provide your own validation of the <code>Host</code> header (perhaps in a middleware; if so this middleware must be listed first in <code>MIDDLEWARE_CLASSES</code>).</p>
</blockquote>
<p><em>加粗强调我的</em>。</p>
<p>您得到的状态400响应是由于当主机头与该列表中的任何值不匹配时引发了<a href="https://docs.djangoproject.com/en/stable/ref/exceptions/#suspiciousoperation" rel="noreferrer">^{<cd5>} exception</a>。</p>