DJE-005 (Critical, Security)
DEBUG=True in production
Error message
Django debug mode enabled in production environment

Running with DEBUG=True in production exposes detailed error pages with stack traces, local variables, settings, and installed apps. This gives attackers a roadmap of your application internals.
Tags: config, production, security
Affected versions: >=0.2.0
Solution
Recommended
Use environment variable for DEBUG setting
Set DEBUG from an environment variable, defaulting to False. This ensures production deployments are safe by default.
Before (problematic)
# settings.py
DEBUG = True  # Hardcoded!
After (fixed)
# settings.py
import os

DEBUG = os.environ.get("DJANGO_DEBUG", "").lower() == "true"
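The following is an added example, not code from the DJE-005 page or from the tool that ships this rule. It shows two things side by side: the exact environment-driven parse the fix recommends (so you can see which DJANGO_DEBUG values switch debugging on), and a small AST-based check that flags a hardcoded module-level `DEBUG = True` in settings source, which is the condition this rule reports. The function names (`debug_from_env`, `find_hardcoded_debug`, `is_dje005_violation`) and the sample settings strings are assumptions constructed for the example.

```python
import ast
import os

# Added example (not part of the DJE-005 page or its tool). Function names and
# the sample settings below are constructed for illustration.


def debug_from_env(environ=None) -> bool:
    """Mirror of the recommended fix: DEBUG is True only when DJANGO_DEBUG is
    literally 'true' (case-insensitive). Unset, empty, '1' or 'yes' all stay
    False, so a missing variable in production means debug is off."""
    environ = os.environ if environ is None else environ
    return environ.get("DJANGO_DEBUG", "").lower() == "true"


def find_hardcoded_debug(settings_source: str):
    """Return (line_number, value) for each module-level `DEBUG = <bool literal>`
    assignment in the given settings source. A literal True is the DJE-005
    finding; a literal False is reported too because it hardcodes the value
    for every environment rather than reading it from configuration."""
    tree = ast.parse(settings_source)
    findings = []
    for node in tree.body:  # only module-level statements
        if not isinstance(node, ast.Assign):
            continue
        for target in node.targets:
            if not (isinstance(target, ast.Name) and target.id == "DEBUG"):
                continue
            value = node.value
            if isinstance(value, ast.Constant) and isinstance(value.value, bool):
                findings.append((node.lineno, value.value))
    return findings


def is_dje005_violation(settings_source: str) -> bool:
    """True when the settings source hardcodes DEBUG = True at module level."""
    return any(value is True for _, value in find_hardcoded_debug(settings_source))


# Constructed sample settings: the "before" and "after" from the rule page.
BEFORE = "# settings.py\nDEBUG = True  # Hardcoded!\n"
AFTER = (
    "# settings.py\n"
    "import os\n"
    "\n"
    'DEBUG = os.environ.get("DJANGO_DEBUG", "").lower() == "true"\n'
)

if __name__ == "__main__":
    print("before:", find_hardcoded_debug(BEFORE), "violation:", is_dje005_violation(BEFORE))
    print("after: ", find_hardcoded_debug(AFTER), "violation:", is_dje005_violation(AFTER))
    for env in ({}, {"DJANGO_DEBUG": "True"}, {"DJANGO_DEBUG": "1"}):
        print(env, "->", debug_from_env(env))
```

The checker deliberately inspects only module-level `ast.Assign` nodes; a `DEBUG` set inside an `if` block or a function is outside the rule's stated scope and would need separate handling. Note also that `debug_from_env` treats `"1"` and `"yes"` as off: if your deployment tooling sets booleans that way, the parse must be widened on purpose, never by falling back to True.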