Thursday, June 26, 2014

Using AWS CloudFront with Django - CSRF failures

I'm sure there's a simple solution for this but I haven't found it. AWS CloudFront strips out the referer header:

Django requires a referer to exist and to match the current site as part of CSRF protection: 

Immediate issue is that /admin doesn't work at all, but even if I exclude /admin from being behind Cloudfront, what about other forms that users will interact with?  

thanks- John 
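
Added example, not part of the original post and not Django's own code: a simplified stand-in for the Referer check described above, run against a constructed request as the origin would see it with and without the header forwarded. The function names, the `through_proxy` header filter, the rejection strings and the sample request are all assumptions made for illustration; the check is applied to HTTPS requests only, as Django's CSRF middleware does.

```python
from urllib.parse import urlsplit

# Rejection reasons (wording is this example's own, not Django's).
NO_REFERER = "no Referer header"
BAD_REFERER = "Referer does not match host"


def same_origin(url_a, url_b):
    """Compare scheme, host and port of two URLs."""
    a, b = urlsplit(url_a), urlsplit(url_b)
    default = {"http": 80, "https": 443}
    try:
        port_a = a.port or default.get(a.scheme)
        port_b = b.port or default.get(b.scheme)
    except ValueError:  # malformed port in one of the URLs
        return False
    return (a.scheme, a.hostname, port_a) == (b.scheme, b.hostname, port_b)


def referer_check(headers, host, is_secure=True):
    """Return None if the request passes, otherwise the rejection reason."""
    if not is_secure:
        return None  # strict Referer checking applies to HTTPS requests only
    referer = headers.get("Referer")
    if referer is None:
        return NO_REFERER
    if not same_origin(referer, "https://%s/" % host):
        return BAD_REFERER
    return None


def through_proxy(headers, forwarded):
    """Hypothetical CDN: pass only the headers named in `forwarded` to the origin."""
    allowed = {name.lower() for name in forwarded}
    return {k: v for k, v in headers.items() if k.lower() in allowed}


# Constructed request: an admin login form POST as the browser sends it.
BROWSER_HEADERS = {
    "Host": "www.example.com",
    "Referer": "https://www.example.com/admin/login/",
    "Cookie": "csrftoken=constructed-sample-value",
}

if __name__ == "__main__":
    for forwarded in (["Host", "Cookie"], ["Host", "Cookie", "Referer"]):
        seen = through_proxy(BROWSER_HEADERS, forwarded)
        print(forwarded, "->", referer_check(seen, seen["Host"]) or "accepted")
```

The same form POST is rejected when the Referer header never reaches the origin and accepted when it does, so the failure hits every CSRF-protected form served over HTTPS through the proxy, not only /admin.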
