Django CSRF for both HTTP and HTTPS

I have a blog that runs behind both HTTP and HTTPS and am running into issues with the csrf token verification.

The CSRF token is available in each form as it should be, but when I'm on the HTTP version of the site and try to commit a comment I get the following error.

Forbidden (403) CSRF verification failed. Request aborted.

Referer checking failed - http://mysite.com/blog/1/ does not match https://mysite.com/.

It works fine when viewing the blog via HTTPS.

Anyone know how to get the verification to match both?

Solution

I figured it out. It was an issue with my fastcgi parameters

fastcgi_param HTTPS on;

setting an environ variable that required HTTPS to be on. Django does some extra enforcement for the csrf tokens when this variable is on.

django: on pypy, psyco, unladen swallow or cpython, which one is the fastest?
Password Reset functionality inheriting from Django clases - reverse url issues ('uidb64')
how to log a file in Django
Using filters with model inheritance
How to render a pdf file as pdf in browser using django
django.db.utils.ProgrammingError: relation "bot_trade" does not exist
Django DRF: @permission_classes not working
How to prevent bleach from escaping > (blockquote) tag used in Markdown
how to solve django.db.utils.NotSupportedError in django
CSRF cookie error after Django 3.2 update (DRF with token authentication)
How to make an Inner Join in django?
Object of type ListSerializer is not JSON serializable
How to get the common name for a pytz timezone eg. EST/EDT for America/New_York
How to serialize user permissions in Django Rest Framework?
Fatal Python error: init_fs_encoding: failed to get the Python codec of the filesystem encoding, when trying to start uwsgi
Error attempting to deploy my Django app on Vercel
Complex query using Django QuerySets
How to call asynchronous function in Django?
Django Sitemaps : Get only pages of the current website
How to manage.py loaddata in Django
'Invalid filter: 'length_is' Error in Django Template – How to Fix?
How to call OneToOneField reverse relationship in template (django)?
Django Rest Framework POST Update if existing or create
Django: get current manage.py command
Change Django ModelChoiceField to show users' full names rather than usernames
How to do aggregate raw sql with julian date in sqlite (with django)
Django send excel file to Celery Task. Error InMemoryUploadedFile
Monitoring django rest framework api on production server
Interactive Graphviz graphs in a web application
Django: Not Found static/admin/css