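Nginx, SSL, Django, CSRF verification failed (custom port)

Time: 2015-08-28 12:05:20

Tags: django ssl nginx

I am working on a project with Django, nginx and Gunicorn. Everything works fine except POST requests. Django raises a CSRF error. I don't know what is missing or wrong in my Django and/or nginx conf.

Edit: I found what the problem was. It is because of my exotic SSL port. I replaced this line in the 'location /' block: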

proxy_set_header   Host $host;

with:

proxy_set_header   Host localhost:8443;  

Django error:

Forbidden (403):
CSRF verification failed. Request aborted.

Reason given for failure:
Referer checking failed - https://localhost:8443/accounts/login/ does not match https://localhost/

Here is my nginx conf:

server {
    listen       8880;
    server_name  localhost:8443;

    rewrite        ^ https://$server_name$request_uri? permanent;
}

#Gunicorn
upstream project {
    server localhost:8888;
}

# HTTPS server
server {
    listen       8443 ssl default_server;
    ssl          on;
    server_name  localhost;

    ssl_certificate      /path/file.crt;
    ssl_certificate_key  /path/file.key;

    #Disable SSLv3
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_session_cache    shared:SSL:10m;
    ssl_session_timeout  10m;

    ssl_ciphers  "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
    ssl_prefer_server_ciphers  on;
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";


    location / {
      proxy_pass         http://localhost:8888;
      proxy_set_header   X-Real-IP $remote_addr;
      proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header   X-Forwarded-Ssl https;
      proxy_set_header   X-Forwarded-Proto https;
      proxy_set_header   X-Forwarded-Port 8443;
      proxy_set_header   Host $host; #Replaced by proxy_set_header   Host localhost:8443;
    }
}

And in my settings.py:

SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTOCOL', 'https')
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
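
Why the Referer check fails with `Host $host`, as an added example that is not part of the original post: nginx's `$host` variable carries no port, so Django builds the expected origin `https://localhost/` from it. The functions below are a simplified stand-in for Django's check, not Django's own code; `nginx_host`, `origin` and `referer_check` are hypothetical names, and `$http_host` (the Host header as the client sent it) does not appear in the configuration above.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def nginx_host(host_header):
    """Approximate nginx's $host: Host header lowercased, port removed."""
    host = host_header.strip().lower()
    if host.startswith("["):                  # IPv6 literal such as [::1]:8443
        return host[: host.index("]") + 1]
    return host.split(":", 1)[0]

def origin(url):
    """(scheme, hostname, port) with the scheme's default port filled in."""
    parts = urlsplit(url)
    return (parts.scheme, parts.hostname,
            parts.port or DEFAULT_PORTS.get(parts.scheme))

def referer_check(referer, host_seen_by_django):
    """Return None when the Referer is same-origin with the Host that
    Django received from the proxy, else the rejection reason."""
    good_referer = "https://%s/" % host_seen_by_django
    if origin(referer) == origin(good_referer):
        return None
    return "Referer checking failed - %s does not match %s" % (
        referer, good_referer)

# Constructed sample request: what the browser sends to nginx on port 8443.
BROWSER_HOST = "localhost:8443"
REFERER = "https://localhost:8443/accounts/login/"

if __name__ == "__main__":
    forwarded = {
        "Host $host": nginx_host(BROWSER_HOST),   # port dropped
        "Host $http_host": BROWSER_HOST,          # header passed through
        "Host localhost:8443": "localhost:8443",  # the hard-coded fix
    }
    for directive, host in forwarded.items():
        result = referer_check(REFERER, host)
        print("%-22s -> %s" % (directive, result or "accepted"))
```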

1 answer:

Answer 0 (score: 0)

Try adding this to location /: proxy_pass_header X-CSRFToken;