I'm sure there's a simple solution for this but I haven't found it. AWS 
CloudFront strips out the Referer header: 
http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/RequestAndResponseBehaviorCustomOrigin.html#RequestCustomRemovedHeaders

Django requires a referer to exist and to match the current site as part of 
CSRF protection: 
https://docs.djangoproject.com/en/dev/ref/contrib/csrf/#how-it-works

Immediate issue is that /admin doesn't work at all, but even if I exclude 
/admin from being behind CloudFront, what about other forms that users will 
interact with?

thanks- John 
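
The interaction described in the post above, as an added example that is not part of the original message and is not Django's or CloudFront's own code: a simplified model of a strict Referer check on HTTPS requests, run against a constructed request before and after an edge proxy drops the header. The function names, the `forwarded` parameter and the sample headers are assumptions made for illustration.

```python
from urllib.parse import urlparse

# Headers the modelled edge drops before contacting the origin (constructed
# for this example; the post says CloudFront removes Referer).
STRIPPED_BY_EDGE = {"referer"}


def through_edge(headers, forwarded=()):
    """Return the headers the origin sees: edge defaults are removed unless
    the header name is explicitly listed as forwarded (hypothetical knob)."""
    keep = {h.lower() for h in forwarded}
    return {k: v for k, v in headers.items()
            if k.lower() not in STRIPPED_BY_EDGE or k.lower() in keep}


def referer_check(headers, is_secure, host):
    """Simplified strict Referer check: on HTTPS requests the Referer must
    exist, use https, and name the same host as the request."""
    if not is_secure:
        return "ok"  # this model applies the strict check to HTTPS only
    referer = next((v for k, v in headers.items() if k.lower() == "referer"), None)
    if referer is None:
        return "rejected: no Referer"
    parsed = urlparse(referer)
    if parsed.scheme != "https":
        return "rejected: insecure Referer"
    if parsed.netloc.lower() != host.lower():
        return "rejected: Referer does not match host"
    return "ok"


# Constructed browser request for an admin login POST.
BROWSER_HEADERS = {
    "Host": "www.example.com",
    "Referer": "https://www.example.com/admin/login/",
    "Cookie": "csrftoken=constructed-value",
}

if __name__ == "__main__":
    host = "www.example.com"
    print("direct:   ", referer_check(BROWSER_HEADERS, True, host))
    print("via edge: ", referer_check(through_edge(BROWSER_HEADERS), True, host))
    print("forwarded:", referer_check(
        through_edge(BROWSER_HEADERS, ["Referer"]), True, host))
```

The same POST that passes when sent directly is rejected once the edge removes the header, and passes again only when the origin receives the Referer.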
