id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
26094	CSRF fails behind proxy (settings.USE_X_FORWARDED_PORT=True)	Jose M Herrero	nobody	"I use gunicorn behind nginx and a load balancer, CSRF fails since 1.9 (the code was introduced here https://github.com/django/django/commit/b0c56b895fd2694d7f5d4595bdbbc41916607f45)

The problem is that if settings.CSRF_COOKIE_DOMAIN is defined it uses request.META['SERVER_PORT'] to check that the port is the same and fails behind a proxy.

Using request method get_port() takes is into account and I find that is more correct that useing the header directly.

Patch is on:
https://github.com/chemary/django/commit/081685242dac206783024e1834d1f178b5b8b9b9"	Bug	closed	CSRF	1.9	Release blocker	fixed	csrf		Accepted	1	0	0	0	0	0