Django + uWSGI + Nginx returns 403 Forbidden when using HTTPS
I am writing a RESTful server application using Django 1.7.7 and Django REST. The app works fine when I run it on the Django test server.
I have now deployed it to a staging server on AWS running Nginx and uWSGI. The server seems to be running fine, but calling the POST method produces a "403 Forbidden" response. If I disable HTTPS, the call works fine, so it has something to do with HTTPS.
Here is my Nginx config file for the site:
    server {
        listen 443 ssl;
        charset utf-8;
        server_name <HERE MY SERVER ADDRESS>;
        ssl on;
        ssl_certificate /etc/nginx/ssl/myapp.crt;
        ssl_certificate_key /etc/nginx/ssl/myapp.key;
        ssl_ciphers 'AES128+EECDH:AES128+EDH:!aNULL';
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_session_cache shared:SSL:10m;
        ssl_prefer_server_ciphers on;
        add_header Strict-Transport-Security max-age=63072000;
        add_header X-Frame-Options DENY;
        add_header X-Content-Type-Options nosniff;
        location / {
            include uwsgi_params;
            uwsgi_pass 127.0.0.1:3031;
            uwsgi_param UWSGI_SCHEME https;
            uwsgi_param UWSGI_SCRIPT myapp.wsgi;
            uwsgi_param REQUEST_URI $request_uri;
            uwsgi_param DOCUMENT_ROOT $document_root;
            uwsgi_param SERVER_PROTOCOL $server_protocol;
            uwsgi_param HTTPS $https if_not_empty;
        }
    }
Again, if I change "listen 443 ssl" to "listen 80 default_server" and change "ssl on" to "ssl off", the POST methods work as they should.
Here's the uWSGI config file:
    [uwsgi]
    socket = 127.0.0.1:3031
    chdir = /web/myapp/source/myapp
    module = myapp.wsgi
One thing I suspect is that the CSRF header is removed somewhere before it reaches the Django CSRF middleware, but I don't know how to test this. It could be something completely different.
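One way to test the suspicion above, as an added example that is not part of the original post: a WSGI wrapper that logs whether the CSRF cookie, the X-CSRFToken header and the Referer actually arrive from Nginx/uWSGI. It also models, in simplified form, the strict Referer check that Django's CsrfViewMiddleware applies to unsafe requests it sees as HTTPS. Assumptions: Python 3, Django's default cookie and header names, and the hypothetical names `csrf_probe`, `csrf_inputs`, `expected_failure` and `CsrfProbe`.

```python
# Added diagnostic sketch, not code from the post. Standard library, Python 3.
import logging
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

log = logging.getLogger("csrf_probe")  # hypothetical logger name
UNSAFE = {"POST", "PUT", "PATCH", "DELETE"}


def csrf_inputs(environ):
    """Presence (never values) of what the CSRF check reads from the request."""
    cookies = SimpleCookie(environ.get("HTTP_COOKIE", ""))
    return {
        "method": environ.get("REQUEST_METHOD", ""),
        "scheme": environ.get("wsgi.url_scheme", ""),  # read by is_secure() by default
        "host": environ.get("HTTP_HOST", ""),
        "referer": environ.get("HTTP_REFERER"),
        "csrf_cookie": "csrftoken" in cookies,         # Django's default cookie name
        "csrf_header": "HTTP_X_CSRFTOKEN" in environ,  # X-CSRFToken as seen by WSGI
    }


def expected_failure(info):
    """Simplified model of the order of checks; returns a reason or None."""
    if info["method"] not in UNSAFE:
        return None
    if info["scheme"] == "https":
        if not info["referer"]:
            return "no Referer on an HTTPS request"
        ref = urlsplit(info["referer"])
        if (ref.scheme, ref.netloc) != ("https", info["host"]):
            return "Referer does not match https://<Host>/"
    if not info["csrf_cookie"]:
        return "csrftoken cookie missing"
    if not info["csrf_header"]:
        return "X-CSRFToken header missing (a form field may carry the token instead)"
    return None


class CsrfProbe:
    """WSGI wrapper: log the findings, then pass the request through unchanged."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        info = csrf_inputs(environ)
        log.warning("csrf probe %s -> %s", info, expected_failure(info))
        return self.app(environ, start_response)
```

To use it on the staging server, wrap the `application` object in `myapp/wsgi.py` with `CsrfProbe(...)` and compare the log line for the same POST over HTTP and over HTTPS. Remove the wrapper once the cause is found.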