CSRF validation does not work on Django using HTTPS
Django 4.0 and above For Django 4.0 and above, CSRF_TRUSTED_ORIGINS must include scheme and host, e.g.: CSRF_TRUSTED_ORIGINS = [‘https://front.bluemix.net’] Django 3.2 and lower For Django 3.2 and lower, CSRF_TRUSTED_ORIGINS must contain only the hostname, without a scheme: CSRF_TRUSTED_ORIGINS = [‘front.bluemix.net’] You probably also need to put something in ALLOWED_HOSTS…