prod.py never read the CSRF_TRUSTED_ORIGINS env var the deployment already injects, so Django's setting stayed empty. Behind traefik's TLS termination Django saw requests as HTTP and rejected the browser's https:// Origin on every POST with a CSRF failure (403) — forms could not be saved and the DB stayed empty. - Read CSRF_TRUSTED_ORIGINS from env (filtering empties). - Set SECURE_PROXY_SSL_HEADER so Django recognizes HTTPS via X-Forwarded-Proto. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| apps | ||
| settings | ||
| templates | ||
| tests | ||
| __init__.py | ||
| asgi.py | ||
| urls.py | ||
| wsgi.py | ||