Reverse Django apps with CSRF Enable on another Domain

README.md

Reverse Django Apps with CSRF Enabled and Different Domain

If you want to redirect your Django apps running on local domain (https://public.public.id) will be client access on (https://public.public.domain.id) you can use these technique :

Nginx conf on your first HOP

server {
    listen 80;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name public.public.id;
    ssl_certificate /etc/letsencrypt/live/public.public.id/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/public.public.id/privkey.pem;

location / {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Referer "https://public.public.id";
    proxy_pass https://10.24.11.100;
    proxy_set_header Host public.public.id;
    }
}

Nginx on your second HOP (on VPS)

server {
    listen 80;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name www.public.public.bignetlab.com public.public.bignetlab.com;
    ssl_certificate /etc/letsencrypt/live/public.public.bignetlab.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/public.public.bignetlab.com/privkey.pem;

location / {
    proxy_set_header Referer "https://10.8.0.24";
    proxy_pass https://10.8.0.24;
    proxy_set_header Host public.public.id;
    proxy_redirect https://public.public.id https://public.public.bignetlab.com;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header        X-NginX-Proxy   true;
    proxy_pass_header       Set-Cookie;
    }
}

Access

Then, you can access https://public.public.id on https://public.public.domain.id with CSRF bypass.