Hi
I'm considering using nginx as a caching reverse-proxy to improve my
site's performance.
When I have the proxy turned on, the CSRF verification does not work
(at least not for contrib.auth login view).
Probably because the csrf_token in the form is cached and invalid.
I've googled this without much success to a point where I'm thinking
this is maybe some setting I'm missing.
Does anyone have experience with nginx as a caching reverse-proxy and
working CSRF?
Here are the relevant portions from my nginx config:
proxy_cache_path /var/lib/nginx/cache levels=1:2
keys_zone=staticfilecache:180m max_size=500m;
proxy_temp_path /var/lib/nginx/proxy;
proxy_connect_timeout 30;
proxy_read_timeout 120;
proxy_send_timeout 120;
proxy_cache_key "$scheme://$host$request_uri";
server {
listen x.x.x.x:80;
server_name www.example.com;
proxy_cache_valid 200 5m;
location / {
proxy_cache staticfilecache;
proxy_pass http://server;
add_header X-Handled-By $upstream_addr;
}
}
- Sævar
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en.
