id summary reporter owner description type status component version severity resolution keywords cc stage has_patch needs_docs needs_tests needs_better_patch easy ui_ux 34888 CSRF verification failed in django 4 when nginx serves the webserver Muhammad Fazel Samarghandi nobody "Hi there I just created a very simple project and dockerize it with docker-compose: {{{ version: ""3.8"" services: backend: build: context: . command: > /bin/sh -c "" python manage.py migrate && python manage.py runserver 0.0.0.0:8000"" ports: - 8000:8000 expose: - 8000 proxy: image: nginx volumes: - type: bind source: ./proxy/nginx.conf target: /etc/nginx/conf.d/default.conf read_only: true ports: - 80:80 depends_on: - backend }}} And this is the proxy/nginx.conf: {{{ server { listen 80; server_name localhost; location / { proxy_pass http://backend:8000; proxy_http_version 1.1; } } }}} And the Dockerfile: {{{ FROM python:3 WORKDIR /usr/src/app ENV PYTHONDONTWRITEBYTECODE 1 ENV PYTHONUNBUFFERED 1 RUN pip install --upgrade pip COPY ./requirements.txt . RUN pip install -r requirements.txt COPY . . }}} There is Django==4.2.5 in requirements.txt and django itself is just super basic and just ALLOWED_HOSTS sets to all. By running the docker-compose the django can be accessed from port 8000 and 80 by nginx. The problem is when going to admin panel and send a post request to login, it returns {{{ Forbidden (403) CSRF verification failed. Request aborted. Reason given for failure: Origin checking failed - http://127.0.0.1 does not match any trusted origins. }}} and it can't go away with any trick. I also get this in drf and i tried adding ```CSRF_TRUSTED_ORIGINS```, ```CORS_ALLOWED_ORIGINS``` and even commented the csrf middleware, but nothing changed. As soon as i changed the django version to 3.2 the error is fixed" Bug closed CSRF 4.2 Normal needsinfo csrf Unreviewed 0 0 0 0 0 0