id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
35328	Improve CSRF Origin checking messaging	Ryan Hiebert	Ryan Hiebert	"A very common misconfiguration is for the `SECURE_PROXY_SSL_HEADER` setting to not be configured correctly. This causes the origin checks to fail, but the messaging leads folks like me to the `CSRF_TRUSTED_ORIGINS` setting, which is not really what you want in this scenario. In some cases, like GitHub Codespaces, you may also need the `USE_X_FORWARDED_HOST` setting as well.

I believe we can make some common scenarios easier to fix by improving our error messaging. Particularly in `DEBUG` mode, we can show useful information about their headers and give a suggestion about what fix might be appropriate.

https://forum.djangoproject.com/t/forwarded-headers-csrf-hints/28616"	Cleanup/optimization	assigned	CSRF	dev	Normal			Carlton Gibson tim-schilling	Accepted	1	0	0	1	0	0
