#34855: Document CSRF_TRUSTED_ORIGINS relation to SECURE_PROXY_SSL_HEADER.
-------------------------------------+-------------------------------------
Reporter: jeroenmuller | Owner: nobody
Type: | Status: closed
Cleanup/optimization |
Component: Documentation | Version: 4.2
Severity: Normal | Resolution: wontfix
Keywords: CSRF | Triage Stage:
| Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Florian Apolloner):
I would be okay with adding documentation for this if it is a recurring
issue as long as it does not explicitly refer to `SECURE_PROXY_SSL_HEADER`
but is more like something along the lines of:
> If you are seeing CSRF failures on HTTPS sites, it might be possible
that your webserver/loadbalancer does not pass on the information that the
site is exposed via HTTPS. Please consult the documentation of your
webserver/loadbalancer on how to properly configure your site for HTTPS.
We could add "(this might include configuring `SECURE_PROXY_SSL_HEADER`)"
at the end.
--
Ticket URL: <https://code.djangoproject.com/ticket/34855#comment:2>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/0107018abcf62580-2311f52d-ed4e-4e11-b388-2541a7f4a6d1-000000%40eu-central-1.amazonses.com.
