Wednesday, April 27, 2016

Re: using AWS cloudfront with Django - CSRF failures

Hi John, 

Even though I'm two years late, in case someone runs into this problem I managed to solve it by:

Whitelisting the 'x-csrfmiddlewaretoken' header (i.e. so that it gets properly forwarded to the origin) in the distribution settings.
Whitelisting the 'csrftoken' cookie in the distribution behaviour.

Best,
Joao

On Thursday, June 26, 2014 at 18:26:18 UTC-3, John Briere wrote:
I'm sure there's a simple solution for this but I haven't found it. AWS Cloudfront strips out the referer header: 

Django requires a referer to exist and to match the current site as part of CSRF protection: 

Immediate issue is that /admin doesn't work at all, but even if I exclude /admin from being behind Cloudfront, what about other forms that users will interact with?  

thanks- John 

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/3c5bdbf1-d286-4760-82e8-461e4b8c4e9e%40googlegroups.com.
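The fix above is a distribution setting, so the practical question is which headers and cookies a CloudFront cache behaviour must forward before Django's CSRF middleware can pass. Below is an added example (not code from the thread, Django, or AWS) that inspects a distribution config in the ForwardedValues shape the CloudFront API uses, reports which behaviours are still starving the origin of what the check needs, and returns a patched copy. The config dict, origin ID and path pattern are constructed for the example. The header and cookie lists encode what Django's CsrfViewMiddleware actually reads with default settings: the csrftoken cookie, the Referer header (checked on HTTPS requests), Host (the value Referer is compared against), and X-CSRFToken for AJAX posts; sessionid is included because /admin also needs the login session, and /static/* is left alone so it stays cacheable. Treat those lists as assumptions to adjust if your CSRF_COOKIE_NAME, CSRF_HEADER_NAME or SESSION_COOKIE_NAME differ from the defaults.

```python
"""Check and patch CloudFront header/cookie forwarding for Django's CSRF check.

Added example, not from the original thread. SAMPLE_CONFIG is constructed
inline in the ForwardedValues form of a CloudFront DistributionConfig (the
dict you get from `aws cloudfront get-distribution-config`); the origin ID,
path pattern and caller reference are made up.
"""
import copy

# What Django's CsrfViewMiddleware reads at the origin with default settings
# (assumption: default CSRF_COOKIE_NAME / CSRF_HEADER_NAME / SESSION_COOKIE_NAME):
#   csrftoken   - the CSRF token cookie
#   Host        - request.get_host(), which the Referer is compared against
#   Referer     - same-origin check performed on HTTPS requests
#   X-CSRFToken - token header used by AJAX/fetch POSTs
#   sessionid   - not CSRF, but /admin needs the login session to survive
REQUIRED_HEADERS = ("Host", "Referer", "X-CSRFToken")
REQUIRED_COOKIES = ("csrftoken", "sessionid")
# Behaviours that never reach a Django view and should stay cacheable.
STATIC_PATTERNS = ("/static/*",)

# Constructed sample: CloudFront's default of forwarding no headers and no
# cookies, which is the situation described in the thread.
SAMPLE_CONFIG = {
    "CallerReference": "example-2016-04-27",
    "DefaultCacheBehavior": {
        "TargetOriginId": "django-origin",
        "ViewerProtocolPolicy": "redirect-to-https",
        "MinTTL": 0,
        "ForwardedValues": {
            "QueryString": True,
            "Cookies": {"Forward": "none"},
            "Headers": {"Quantity": 0, "Items": []},
        },
    },
    "CacheBehaviors": {
        "Quantity": 1,
        "Items": [
            {
                "PathPattern": "/static/*",
                "TargetOriginId": "django-origin",
                "ViewerProtocolPolicy": "redirect-to-https",
                "MinTTL": 0,
                "ForwardedValues": {
                    "QueryString": False,
                    "Cookies": {"Forward": "none"},
                    "Headers": {"Quantity": 0, "Items": []},
                },
            }
        ],
    },
}


def _behaviors(config):
    """Yield (label, behaviour) for the default behaviour and every path-pattern one."""
    yield "default", config["DefaultCacheBehavior"]
    for behavior in config.get("CacheBehaviors", {}).get("Items", []):
        yield behavior["PathPattern"], behavior


def forwarding_gaps(config, headers=REQUIRED_HEADERS, cookies=REQUIRED_COOKIES,
                    skip_patterns=STATIC_PATTERNS):
    """Return {label: {"headers": [...], "cookies": [...]}} for each behaviour
    that reaches Django but does not forward everything the CSRF check needs.
    An empty dict means every Django-facing behaviour is already correct."""
    gaps = {}
    for label, behavior in _behaviors(config):
        if label in skip_patterns:
            continue
        fv = behavior["ForwardedValues"]
        have = {h.lower() for h in fv["Headers"].get("Items", [])}  # header names are case-insensitive
        missing_headers = [h for h in headers if h.lower() not in have]
        cookie_cfg = fv["Cookies"]
        if cookie_cfg["Forward"] == "all":
            missing_cookies = []
        elif cookie_cfg["Forward"] == "whitelist":
            names = set(cookie_cfg.get("WhitelistedNames", {}).get("Items", []))
            missing_cookies = [c for c in cookies if c not in names]  # cookie names are case-sensitive
        else:  # "none": the origin never sees the csrftoken cookie at all
            missing_cookies = list(cookies)
        if missing_headers or missing_cookies:
            gaps[label] = {"headers": missing_headers, "cookies": missing_cookies}
    return gaps


def with_csrf_forwarding(config, headers=REQUIRED_HEADERS, cookies=REQUIRED_COOKIES,
                         skip_patterns=STATIC_PATTERNS):
    """Return a deep copy of config whose Django-facing behaviours whitelist the
    headers and cookies. Forwarding Host, Referer and cookies makes those
    behaviours effectively uncacheable, which is what you want for views but
    not for static assets, hence skip_patterns. The input is not modified."""
    patched = copy.deepcopy(config)
    for label, behavior in _behaviors(patched):
        if label in skip_patterns:
            continue
        fv = behavior["ForwardedValues"]
        items = fv["Headers"].setdefault("Items", [])
        have = {h.lower() for h in items}
        items.extend(h for h in headers if h.lower() not in have)
        fv["Headers"]["Quantity"] = len(items)
        cookie_cfg = fv["Cookies"]
        if cookie_cfg["Forward"] != "all":
            names = cookie_cfg.setdefault("WhitelistedNames", {"Quantity": 0, "Items": []})
            for cookie in cookies:
                if cookie not in names["Items"]:
                    names["Items"].append(cookie)
            names["Quantity"] = len(names["Items"])
            cookie_cfg["Forward"] = "whitelist"
    return patched


if __name__ == "__main__":
    print("gaps before:", forwarding_gaps(SAMPLE_CONFIG))
    print("gaps after: ", forwarding_gaps(with_csrf_forwarding(SAMPLE_CONFIG)))
```

The patched dict is the `DistributionConfig` you would hand back to `aws cloudfront update-distribution` together with the ETag from `get-distribution-config`. Note that whitelisting Referer and Host only helps when the viewer actually sends them; a browser still omits Referer on some cross-scheme navigations, so check Django's CSRF failure reason (it names the missing header or cookie) rather than assuming the distribution is the only culprit.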
