I'm sure there's a simple solution for this but I haven't found it. AWS CloudFront strips out the Referer header: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/RequestAndResponseBehaviorCustomOrigin.html#RequestCustomRemovedHeaders

Django requires a referer to exist and to match the current site as part of CSRF protection: https://docs.djangoproject.com/en/dev/ref/contrib/csrf/#how-it-works

Immediate issue is that /admin doesn't work at all, but even if I exclude /admin from being behind CloudFront, what about other forms that users will interact with?

thanks,
John
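The failure described in the post above, as a small added model that is not code from Django, CloudFront or the poster: an edge that drops `Referer` in front of an origin that applies a strict Referer check to HTTPS requests. The function names, the removed-header set and the sample request are constructed for illustration, and the check is a simplification of the behaviour Django documents for HTTPS requests.

```python
from urllib.parse import urlsplit

# Headers the modelled edge drops before contacting the origin (constructed;
# the post reports that CloudFront removes Referer).
EDGE_REMOVED_HEADERS = {"referer"}


def through_edge(headers, removed=EDGE_REMOVED_HEADERS):
    """Return the headers the origin sees after the edge strips `removed`."""
    return {k: v for k, v in headers.items() if k.lower() not in removed}


def strict_referer_check(headers, is_secure=True):
    """Simplified model of a strict Referer check on an HTTPS POST.

    Returns (accepted, reason). Hypothetical helper, not Django's implementation.
    """
    if not is_secure:
        return True, "referer not checked on plain HTTP"
    lower = {k.lower(): v for k, v in headers.items()}
    referer = lower.get("referer")
    if referer is None:
        return False, "no Referer"
    parts = urlsplit(referer)
    if not parts.scheme or not parts.netloc:
        return False, "malformed Referer"
    if parts.scheme != "https":
        return False, "insecure Referer on a secure request"
    if parts.netloc.lower() != lower.get("host", "").lower():
        return False, "Referer does not match Host"
    return True, "ok"


# Constructed sample request: an HTTPS form POST from the site's own page.
BROWSER_REQUEST = {
    "Host": "www.example.com",
    "Referer": "https://www.example.com/admin/login/",
    "Cookie": "csrftoken=constructed-value",
}

if __name__ == "__main__":
    print("direct to origin:", strict_referer_check(BROWSER_REQUEST))
    print("via edge:        ", strict_referer_check(through_edge(BROWSER_REQUEST)))
```

The same request is accepted when it reaches the origin directly and rejected with "no Referer" once the edge has removed the header, even though the CSRF cookie is still forwarded.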

