Re: Posting from HTTP to HTTPS on same domain results in CSRF failure

2012-10-31 Thread David Fischer
Django does strict referrer checking[1] which includes checking the scheme (HTTP vs. HTTPS). Like the others, I suggest you serve the whole site over HTTPS and forward HTTP traffic to the appropriate HTTPS URLs. -David [1] https://docs.djangoproject.com/en/1.4/ref/contrib/csrf/#how-it-works [1

Re: Posting from HTTP to HTTPS on same domain results in CSRF failure

2012-10-31 Thread Kevin Veroneau
I am using analytics. Hmm. I hoped that there was a django setting I may have missed somewhere. I'll tackle it in a few hours and post my findings and/or solution to help others with a similar issue. If there are any other suggestions as well I'm open to more ideas. On Oct 31, 2012 10:08 AM, "k

Re: Posting from HTTP to HTTPS on same domain results in CSRF failure

2012-10-31 Thread kahara
Perhaps this could be fixed by simply redirecting all HTTP requests to HTTPS? Also, if you're using Analytics and your visitor comes in from an encrypted (Google) search page, then your Analytics will fail as the referer header will not contain search terms if the search hit is non-HTTPS.

Re: Posting from HTTP to HTTPS on same domain results in CSRF failure

2012-10-31 Thread jirka . vejrazka
Original Message- From: Kevin Sender: django-users@googlegroups.com Date: Wed, 31 Oct 2012 01:21:33 To: Reply-To: django-users@googlegroups.com Subject: Posting from HTTP to HTTPS on same domain results in CSRF failure Hello everyone, I am in the process of deploying a Django app which wor

Re: Posting from HTTP to HTTPS on same domain results in CSRF failure

2012-10-31 Thread Kevin Veroneau
I did this approach before and it seems to break Google Search results. :( I do want users to use the site and find me easily after all. On Oct 31, 2012 6:24 AM, "Mike Dewhirst" wrote: > On 31/10/2012 7:21pm, Kevin wrote: > >> Hello everyone, >> >>I am in the process of deploying a Django app

Re: Posting from HTTP to HTTPS on same domain results in CSRF failure

2012-10-31 Thread Mike Dewhirst
On 31/10/2012 7:21pm, Kevin wrote: Hello everyone, I am in the process of deploying a Django app which works both on HTTP and HTTPS connections, and require that some specific forms only submit via HTTPS. I want the transition process over to HTTPS to be seamless for the end-user. I am impl

Posting from HTTP to HTTPS on same domain results in CSRF failure

2012-10-31 Thread Kevin
Hello everyone, I am in the process of deploying a Django app which works both on HTTP and HTTPS connections, and require that some specific forms only submit via HTTPS. I want the transition process over to HTTPS to be seamless for the end-user. I am implementing this on a site-wide login