id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
28488	Django 1.11+ raises CSRF verification failed if settings.DEBUG is False and an intermediate 404 page is requested	Ruben Alves	nobody	"Hi all,

I'm using Django 1.11 (and also tested with Django 1.11.4) and having problems when submitting a form with the POST method.

I'm calling the `{% csrf_token %}` inside of the form, so this is not the problem.
The problem when submitting the form is:

Forbidden (403)
CSRF verification failed. Request aborted.
More information is available with DEBUG=True.

Then, in order to see ""more information"", I've set `settings.DEBUG` to `True` and submitted the form again. At this moment, the problem didn't happen anymore.

So I've disabled `settings.DEBUG`, submitted again, and the problem was there. Enabled `DEBUG=True` again, and the problem was gone.

Initially I thought that it could be some error in my code, but the same happens when I try to reset my password with the `django.contrib.auth.views.password_reset` view.

In my `settings.py`, I have the following changes that were made recently:

`SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')`
`SESSION_COOKIE_SECURE = True`
`CSRF_COOKIE_SECURE = True`


I use AWS (Amazon Web Service) Elastic Beanstalk with https enabled.

The worst part is that I've discovered this only on production because I run all tests on my local machine with `DEBUG=True`, and on production, we set `DEBUG=False`. Also, the error message should be shown only if `DEBUG=True`.

It's something related to the same error mentioned on Google Groups [https://groups.google.com/forum/#!searchin/django-users/CSRF$20verification$20failed.$20Request$20aborted.$20More$20information$20is$20available$20with$20DEBUG$3DTrue.%7Csort:relevance/django-users/ISoJ6CwHOXQ/pirLih0jBgAJ]


"	Bug	closed	CSRF	dev	Release blocker	fixed	csrf failed settings debug false production	rubenanapu@… Nicola Jay Cox Florian Apolloner Berker Peksag	Accepted	0	0	0	0	0	0
