Django/NGINX - CSRF verification failed in production on a 3G-enabled device
My Django app works perfectly fine on other devices with 4G connectivity. Trying to sign up or login on a device with only 3G capability throws the CSRF verification failed error. Any idea why that is?
I'm also using Cloudflare to configure/manage the domain name server. Thanks.
I already looked through the settings file (mostly following the docs) but don't want to break anything that's already working.
Here's my NGINX config:
upstream app_server {
    server unix:/tmp/gunicorn.sock fail_timeout=0;
}
server {
    listen 80;
    client_max_body_size 4G;
    # add here the ip address of your server
    # or a domain pointing to that ip (like example.com or www.example.com)
    server_name jovimifah.com www.jovimifah.com;
    keepalive_timeout 5;
    access_log /home/vickerdent/logs/nginx-access.log;
    error_log /home/vickerdent/logs/nginx-error.log;
    location /static/ {
        root /home/vickerdent/shop-central;
    }
    # checks for static file, if not found proxy to app
    location / {
        try_files $uri @proxy_to_app;
    }
    location @proxy_to_app {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_pass http://app_server;
    }
}
Also, CSRF_COOKIE_SECURE and SESSION_COOKIE_SECURE are True.
Try adding the Referer header to your nginx config:
server {
    ...
    location @proxy_to_app {
        proxy_set_header Referer $http_referer;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_pass http://app_server;
    }
}
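Before changing headers, the access log configured in the question can show whether the rejected requests really arrive without a Referer, since Django answers a failed CSRF check with HTTP 403. The script below is an added example, not code from either post; it assumes nginx's default "combined" log format (the config names no format), and the hosts, paths and user agents in the sample lines are constructed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# nginx's default "combined" format, used when access_log names no log_format (assumed here).
COMBINED = re.compile(
    r'(?P<addr>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

def classify_referer(referer, site_hosts):
    """Bucket a logged Referer value: missing, other host, or same host by scheme."""
    if referer in ("", "-"):          # nginx logs "-" when the header is absent
        return "missing"
    parts = urlsplit(referer)
    if parts.hostname not in site_hosts:
        return "other-host"
    return "same-host-" + parts.scheme  # http vs https is worth seeing separately

def rejected_posts(lines, site_hosts):
    """Yield (path, referer bucket, user agent) for every POST answered with 403."""
    for line in lines:
        m = COMBINED.match(line)
        if m and m["method"] == "POST" and m["status"] == "403":
            yield m["path"], classify_referer(m["referer"], site_hosts), m["agent"]

def summarize(lines, site_hosts):
    """Count rejected POSTs per (referer bucket, user agent)."""
    return Counter((b, agent) for _, b, agent in rejected_posts(lines, site_hosts))

# Constructed sample lines: documentation IPs, made-up paths and user agents.
SAMPLE = [
    '203.0.113.7 - - [10/Mar/2024:10:01:02 +0000] "POST /login/ HTTP/1.1" 403 2506 "-" "OldPhoneBrowser/1.0"',
    '203.0.113.7 - - [10/Mar/2024:10:01:40 +0000] "POST /signup/ HTTP/1.1" 403 2506 "-" "OldPhoneBrowser/1.0"',
    '198.51.100.4 - - [10/Mar/2024:10:02:11 +0000] "POST /login/ HTTP/1.1" 302 0 "https://www.example.com/login/" "DesktopBrowser/9.0"',
    '198.51.100.9 - - [10/Mar/2024:10:03:00 +0000] "POST /login/ HTTP/1.1" 403 2506 "http://example.com/login/" "ProxyBrowser/2.0"',
    '198.51.100.4 - - [10/Mar/2024:10:03:30 +0000] "GET /static/app.css HTTP/1.1" 200 512 "https://www.example.com/" "DesktopBrowser/9.0"',
]

if __name__ == "__main__":
    hosts = {"example.com", "www.example.com"}
    for (bucket, agent), n in summarize(SAMPLE, hosts).most_common():
        print(f"{n:3d}  referer={bucket:<16} agent={agent}")
```

To run it against the real log, pass an open file handle for the access_log path and the site's own host names instead of `SAMPLE` and the example hosts.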