Django + uWSGI + Nginx returns 403 Forbidden when using HTTPS

I am writing a RESTful server application using Django 1.7.7 and Django REST. The app works fine when I run it on the Django test server.

I have now deployed it to a staging server on AWS running Nginx and uWSGI. The server seems to be running fine, but calling the POST method produces a "403 Forbidden" response. If I disable HTTPS, the call works fine, so it has something to do with HTTPS.

Here is my Nginx config file for the site:

server {
    listen 443 ssl;
    charset utf-8;
    server_name <HERE MY SERVER ADDRESS>;

    ssl on;
    ssl_certificate /etc/nginx/ssl/myapp.crt;
    ssl_certificate_key /etc/nginx/ssl/myapp.key;
    ssl_ciphers 'AES128+EECDH:AES128+EDH:!aNULL';
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_session_cache shared:SSL:10m;
    ssl_prefer_server_ciphers on;

    add_header Strict-Transport-Security max-age=63072000;
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;

    location / {
        include uwsgi_params;
        uwsgi_pass 127.0.0.1:3031;
        uwsgi_param UWSGI_SCHEME https;
        uwsgi_param UWSGI_SCRIPT myapp.wsgi;
        uwsgi_param REQUEST_URI $request_uri;
        uwsgi_param DOCUMENT_ROOT $document_root;
        uwsgi_param SERVER_PROTOCOL $server_protocol;
        uwsgi_param HTTPS $https if_not_empty;
    }
}

      

If I change "listen 443 ssl" to "listen 80 default_server" and change "ssl on" to "ssl off", the POST methods work as they should.

Here's the uWSGI config file:

[uwsgi]
socket = 127.0.0.1:3031
chdir = /web/myapp/source/myapp
module = myapp.wsgi

      

One thing I suspect is that the CSRF header is removed somewhere before it reaches the Django CSRF middleware, but I don't know how to test this. It could be something completely different.

+3
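One way to test the suspicion raised in the question, as an added example that is not part of the original post: a small WSGI wrapper that logs which CSRF-relevant request parts actually arrive behind Nginx and uWSGI. The names `csrf_view`, `CsrfProbe` and the `csrf_probe` logger are hypothetical; `X-CSRFToken` and `csrftoken` are Django's default header and cookie names, and the sample request is constructed.

```python
# Added diagnostic example, not code from the original post.
import logging
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

log = logging.getLogger("csrf_probe")  # hypothetical logger name
SAFE_METHODS = ("GET", "HEAD", "OPTIONS", "TRACE")

def csrf_view(environ):
    """Summarise what reached the WSGI layer; token values are never logged."""
    cookies = SimpleCookie(environ.get("HTTP_COOKIE", ""))
    referer = environ.get("HTTP_REFERER", "")
    ref = urlsplit(referer)
    secure = environ.get("wsgi.url_scheme") == "https"
    view = {
        "method": environ.get("REQUEST_METHOD"),
        "secure": secure,
        "csrf_header": bool(environ.get("HTTP_X_CSRFTOKEN")),  # Django's default header
        "csrf_cookie": "csrftoken" in cookies,                 # Django's default cookie
        "referer": bool(referer),
        "problems": [],
    }
    if not view["csrf_cookie"]:
        view["problems"].append("no csrftoken cookie")
    if not view["csrf_header"]:
        view["problems"].append("no X-CSRFToken header")
    # On HTTPS, Django's CsrfViewMiddleware also does strict Referer checking.
    # The comparison below approximates that same-origin check.
    if secure and not referer:
        view["problems"].append("HTTPS request without Referer")
    elif secure and (ref.scheme, ref.netloc) != ("https", environ.get("HTTP_HOST", "")):
        view["problems"].append("Referer is not https://<Host>")
    return view

class CsrfProbe:
    """WSGI wrapper: log the summary for unsafe methods, then pass through."""
    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        if environ.get("REQUEST_METHOD") not in SAFE_METHODS:
            log.warning("csrf probe: %s", csrf_view(environ))
        return self.app(environ, start_response)

# Constructed sample: a POST from an API client that sends the token but no Referer.
SAMPLE = {"REQUEST_METHOD": "POST", "wsgi.url_scheme": "https",
          "HTTP_HOST": "staging.example.test", "HTTP_X_CSRFTOKEN": "constructed",
          "HTTP_COOKIE": "csrftoken=constructed; sessionid=constructed"}

if __name__ == "__main__":
    print(csrf_view(SAMPLE))
```

Wrapping the `application` object in myapp/wsgi.py with `CsrfProbe` puts one summary line per POST into the uWSGI log, which can be compared between the HTTP and HTTPS configurations.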

