CSRF verification fails when using https before reverse proxy, but not after #186

@DrMaxNix

Description

When using a reverse proxy, which forwards https requests via http, I get "CSRF verification failed. Request aborted."
I have allowed hosts set to wildcard (allowed_host1 = *). When I set it explicitly to the domain I'm using, it works.

For some reason, adding SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https") to settings.py also fixed the issue.
I guess this is because from Django's perspective the request is made via http, but the Origin/Referer headers use an https:// scheme, so they are not the same.

As adding the SECURE_PROXY_SSL_HEADER option by default adds insecurities for people without a reverse proxy, I suggest adding an etebase-server.ini option for it.
Also, weirdly enough, I didn't have this problem before with the same reverse proxy setup, but when running without Docker. Feel free to suggest what I could possibly have done wrong.
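To make the scheme mismatch described in the report concrete, here is an added example (not etebase-server or Django code) that models the relevant part of a Django-style CSRF origin check: the request scheme is taken from the app's own socket unless SECURE_PROXY_SSL_HEADER names a proxy header to trust, and the browser's Origin header must match that scheme plus the Host header. The settings dicts, the sample WSGI environ and all function names are constructed for the example.

```python
# Added example: toy model of a Django-style CSRF origin check behind a
# TLS-terminating reverse proxy. Not etebase-server or Django code; the
# settings, the sample request and the helper names are constructed here.

# The two configurations the report discusses. With SECURE_PROXY_SSL_HEADER
# unset, the app only trusts the scheme of its own socket, which is plain http
# on the proxy-to-app hop.
SETTINGS_DEFAULT = {"SECURE_PROXY_SSL_HEADER": None}
SETTINGS_PROXIED = {"SECURE_PROXY_SSL_HEADER": ("HTTP_X_FORWARDED_PROTO", "https")}

# Constructed WSGI-style environ: the browser posted to https://notes.example/,
# the proxy terminated TLS and forwarded the request to the app over http,
# adding X-Forwarded-Proto. Host and Origin still reflect the browser's view.
PROXIED_POST = {
    "wsgi.url_scheme": "http",
    "HTTP_HOST": "notes.example",
    "HTTP_ORIGIN": "https://notes.example",
    "HTTP_X_FORWARDED_PROTO": "https",
}


def is_secure(meta, settings):
    """Scheme as the app sees it: the socket scheme, unless the configured
    proxy header is present with the configured value."""
    header = settings.get("SECURE_PROXY_SSL_HEADER")
    if header is not None:
        name, value = header
        if meta.get(name) == value:
            return True
    return meta.get("wsgi.url_scheme") == "https"


def expected_origin(meta, settings):
    """The origin the app believes it serves: its scheme plus the Host header."""
    scheme = "https" if is_secure(meta, settings) else "http"
    return f"{scheme}://{meta['HTTP_HOST']}"


def csrf_origin_check(meta, settings):
    """Return (accepted, reason). Rejects when the browser's Origin does not
    equal the app's idea of its own origin, which is exactly the https-vs-http
    mismatch the report runs into."""
    origin = meta.get("HTTP_ORIGIN")
    if origin is None:
        return False, "no Origin header to verify"
    good = expected_origin(meta, settings)
    if origin == good:
        return True, "Origin matches"
    return False, f"Origin {origin} does not match {good}"


def header_is_spoofable(meta, settings):
    """The caveat behind the report's 'adds insecurities' remark: once the
    setting is on, a client that reaches the app without the proxy in front
    can send the same header itself and be treated as https. The app cannot
    tell a proxy-set header from a client-set one, so the proxy must always
    overwrite (or strip) it and the app must not be reachable around the proxy."""
    direct = dict(meta, **{"wsgi.url_scheme": "http"})
    direct["HTTP_X_FORWARDED_PROTO"] = "https"  # supplied by the client, not a proxy
    return is_secure(direct, settings)


if __name__ == "__main__":
    for label, cfg in (("default", SETTINGS_DEFAULT), ("proxied", SETTINGS_PROXIED)):
        ok, why = csrf_origin_check(PROXIED_POST, cfg)
        print(f"{label:8s} secure={is_secure(PROXIED_POST, cfg)!s:5s} csrf_ok={ok!s:5s} {why}")
    print("header spoofable when proxied:", header_is_spoofable(PROXIED_POST, SETTINGS_PROXIED))
```

With the default settings the model rejects the proxied POST because it expects http://notes.example while the browser sent Origin: https://notes.example; with the proxy header trusted, the two agree. The flip side is that trusting the header is only safe when the proxy sets it unconditionally from its own view of the connection (for nginx, `proxy_set_header X-Forwarded-Proto $scheme;`) and when nothing can reach the app port directly. Django's real middleware additionally accepts origins listed in CSRF_TRUSTED_ORIGINS and has a Referer fallback; both are left out of this model.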
