django https + CSRF

I'm trying to setup django site work ower https with csrf protection. It work on nginx server.

nginx works on https and my django app succesful serve GET requests. when i try to make post request it's fail with

Forbidden (403)

CSRF verification failed. Request aborted.

CSRF cookie not set.

I set

fastcgi_param HTTPS on;

in settings.py

SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True

but no results. Is any ideas?

UPDATE! Now i try to work with my django app ower http with nginx and i have the same problem, so https does not make a sense. How can I start it work with nginx ower http and use csrf开发者_StackOverflow protection?

UPDATE! AND SOLUTION! ensure_csrf_cookie - decorator to force sending csrf token to requested page. it helps me because my app works mostly with ajax POST and GET, which don't use the tags.

I believe you need either the csrf tag inside your html template,

<form action="" method="post">{% csrf_token %}

or a decorator above your view method ...

@csrf_protect
def my_view(request):

Read here: https://docs.djangoproject.com/en/dev/ref/contrib/csrf/