I am using Django, DRF , docker, Nginx and AWS EC2 instance for my personal project, application is working fine when it is using HTTP , once i changed to HTTPS i am getting CSRF Verification Failed.
used {% csrf_token %} where required in html forms
in settings.py
I have:
CSRF_COOKIE_SECURE = True
CSRF_TRUSTED_ORIGINS = ['http://localhost/', 'example.co.in', 'www.example.co.in']
CORS_ORIGIN_WHITELIST = ['http://localhost/', 'example.co.in', 'www.example.co.in']
Please help me in solving this issue, thank you everyone
2
Answers
You need to write the "https://" in the CSRF_TRUSTED_ORIGINS and CORS_ORIGIN_WHITELIST, you have "http://" in your settings and this is why with http works but not with https.
Sometimes it happens due to Nginx configuration, please check your Nginx configuration.
If your Nginx contains following attributes especially prxy_set_header which configures headers to be sent from nginx to a proxied host.