liip / django-template

Project template for Django projects
MIT License

Configure SECURE_PROXY_SSL_HEADER #124

Closed OdyX closed 1 year ago

OdyX commented 2 years ago

Without this, admin site login doesn't work locally.

simonbru commented 2 years ago

As I understand it, this issue is caused by a mismatch between the Origin/Referer header sent by the browser (httpS://myproject.docker.test) and what Django thinks should be the allowed origin for the current request (http://example-project.d.test, without TLS).

I think a better fix for this issue would be to set the following in dev.py, so that Django calculates the allowed origin correctly for requests coming from traefik:

SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')

This would fix other issues, such as request.build_absolute_uri() only building HTTP URLs in dev. By the way, we already applied this setting in some Django 3 projects for this reason.

@OdyX Does that make sense to you too?
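
The mismatch described in the comment above, as an added example that is not part of the original thread or of the project's code: a simplified pure-Python model of how Django derives the request scheme, and from it the CSRF allowed origin and absolute URLs, with and without `SECURE_PROXY_SSL_HEADER`. The function names and the sample request are constructed for illustration; the hostname is the one quoted in the comment.

```python
# Simplified model (not Django's source) of scheme detection behind a
# TLS-terminating proxy such as traefik. All names here are hypothetical.

def request_scheme(meta, secure_proxy_ssl_header=None):
    """Scheme the application believes the request used.

    meta: WSGI-style dict of request metadata.
    secure_proxy_ssl_header: (header_name, secure_value) tuple, or None.
    """
    if secure_proxy_ssl_header is not None:
        header, secure_value = secure_proxy_ssl_header
        value = meta.get(header)
        if value is not None:
            # A proxy chain may append values; only the first is compared.
            first = value.split(",", 1)[0].strip()
            return "https" if first == secure_value else "http"
    # Without the setting, only the proxy-to-app hop is visible.
    return meta.get("wsgi.url_scheme", "http")


def allowed_origin(meta, setting=None):
    """Origin the CSRF check expects for this request."""
    return f"{request_scheme(meta, setting)}://{meta['HTTP_HOST']}"


def origin_verified(meta, setting=None):
    """True when the browser's Origin header matches the expected origin."""
    return meta.get("HTTP_ORIGIN") == allowed_origin(meta, setting)


def build_absolute_uri(meta, path, setting=None):
    return allowed_origin(meta, setting) + path


# Constructed request: browser -> HTTPS -> proxy -> plain HTTP -> app.
ADMIN_LOGIN_POST = {
    "wsgi.url_scheme": "http",
    "HTTP_HOST": "myproject.docker.test",
    "HTTP_ORIGIN": "https://myproject.docker.test",
    "HTTP_X_FORWARDED_PROTO": "https",
}
SETTING = ("HTTP_X_FORWARDED_PROTO", "https")

if __name__ == "__main__":
    for label, setting in (("unset", None), ("set", SETTING)):
        print(label, allowed_origin(ADMIN_LOGIN_POST, setting),
              "origin ok:", origin_verified(ADMIN_LOGIN_POST, setting))
```

The setting makes the application trust `X-Forwarded-Proto`, so it belongs only in deployments where the proxy sets or strips that header on every request, as Django's documentation for `SECURE_PROXY_SSL_HEADER` warns.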

OdyX commented 2 years ago

@simonbru makes total sense. Works locally too!