Nginx - Getting Forbidden (403) CSRF verification failed

Vinodsagar
April 3, 2024
229 views
1 vote
2 Answers

I am using Django, DRF , docker, Nginx and AWS EC2 instance for my personal project, application is working fine when it is using HTTP , once i changed to HTTPS i am getting CSRF Verification Failed.

used {% csrf_token %} where required in html forms

in settings.py I have:

CSRF_COOKIE_SECURE = True

CSRF_TRUSTED_ORIGINS = ['http://localhost/', 'example.co.in', 'www.example.co.in']

CORS_ORIGIN_WHITELIST = ['http://localhost/', 'example.co.in', 'www.example.co.in']

Please help me in solving this issue, thank you everyone

Answers

- SpikeVinalyan
- February 21, 2024 at 1:30 pm
- 0 votes
0
You need to write the "https://" in the CSRF_TRUSTED_ORIGINS and CORS_ORIGIN_WHITELIST, you have "http://" in your settings and this is why with http works but not with https.

Login or Signup to reply.

- Jingda
- April 3, 2024 at 3:20 pm
- 0 votes
0
Sometimes it happens due to Nginx configuration, please check your Nginx configuration.

If your Nginx contains following attributes especially prxy_set_header which configures headers to be sent from nginx to a proxied host.
```
location / {
    proxy_pass http://IP:port;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;
}
```
Login or Signup to reply.

Please signup or login to give your own answer.

Click here to cancel reply.

Nginx – Getting Forbidden (403) CSRF verification failed

Answers