prod.py never read the CSRF_TRUSTED_ORIGINS env var the deployment already injects, so Django's setting stayed empty. Behind traefik's TLS termination Django saw requests as HTTP and rejected the browser's https:// Origin on every POST with a CSRF failure (403) — forms could not be saved and the DB stayed empty. - Read CSRF_TRUSTED_ORIGINS from env (filtering empties). - Set SECURE_PROXY_SSL_HEADER so Django recognizes HTTPS via X-Forwarded-Proto. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| __init__.py | ||
| base.py | ||
| dev.py | ||
| prod.py | ||