I have recently set up my Django site with nginx and SSL; however, sometimes users are seeing the following error:
    Referrer Checking Failed - https://<domain>.co.uk/register does not match https://<domain>.co.uk
Users can also access the site through .com, in which case they are redirected to co.uk. I guess I have configured something wrong with the CSRF settings, but even using the @csrf_exempt decorator for this view does not work. The only CSRF setting I have in my settings is:
    USE_X_FORWARDED_HOST = True
My nginx config looks like:
    server {
        listen 80;
        server_name <domain>.com www.<domain>.com;
        access_log off;
        listen 443 ssl;
        ssl_certificate /etc/nginx/ssl/<domain>.com.crt;
        ssl_certificate_key /etc/nginx/ssl/<domain>.com.key;
        ...
        location / {
            proxy_pass http://127.0.0.1:8000;
            proxy_set_header X-Forwarded-Host $server_name;
            proxy_set_header X-Real-IP $remote_addr;
            add_header P3P 'CP="ALL DSP COR PSAa PSDa OUR NOR ONL UNI COM NAV"';
        }
    }
Does anyone have any idea what is going on here?
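
An added example, not part of the original post: a simplified Python model of how the two settings shown in the question interact, useful for checking what host the Referer is being compared against. It assumes that Django's HTTPS Referer check compares the Referer with the host returned by get_host() (which reads X-Forwarded-Host when USE_X_FORWARDED_HOST is on) and that nginx's $server_name expands to the first name in the server_name directive; the example.co.uk names and all helper functions are constructed for illustration and are not Django's or nginx's own code.

```python
from urllib.parse import urlsplit

# Constructed stand-in for an nginx server block: $server_name always expands
# to the first name listed, $host to the name the client actually requested.
SERVER_NAMES = ["example.co.uk", "www.example.co.uk"]


def forwarded_host(requested_host, nginx_variable):
    """Value nginx would place in X-Forwarded-Host for the given variable."""
    if nginx_variable == "$server_name":
        return SERVER_NAMES[0]
    if nginx_variable == "$host":
        return requested_host
    raise ValueError("unsupported variable: " + nginx_variable)


def get_host(headers, use_x_forwarded_host):
    """Simplified model of how Django picks the request host."""
    if use_x_forwarded_host and "X-Forwarded-Host" in headers:
        return headers["X-Forwarded-Host"]
    return headers["Host"]


def origin(url):
    """(scheme, hostname, port) with the default HTTPS/HTTP port filled in."""
    parts = urlsplit(url)
    port = parts.port or {"https": 443, "http": 80}.get(parts.scheme)
    return parts.scheme, parts.hostname, port


def referer_check(referer, headers, use_x_forwarded_host=True):
    """Return None if the Referer is same-origin with the host, else a reason."""
    good_referer = "https://%s/" % get_host(headers, use_x_forwarded_host)
    if origin(referer) == origin(good_referer):
        return None
    return "Referer checking failed - %s does not match %s." % (referer, good_referer)


def simulate(requested_host, nginx_variable):
    """POST to /register from a page on requested_host, proxied through nginx."""
    headers = {
        "Host": "127.0.0.1:8000",  # proxy_pass without an explicit Host header
        "X-Forwarded-Host": forwarded_host(requested_host, nginx_variable),
    }
    return referer_check("https://%s/register" % requested_host, headers)
```

In this model the check fails only for visitors who arrive on a name other than the first server_name entry, which is one way such an error can appear intermittently.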