(testing site – not for public use – official site: www.nawg.co.uk)

Issue 479776 – Website: cannot login via HTTPS Show all…

Type: Problem
State: In progress
Severity: Major
Priority: High
Found release: P.12.0
Description:

It's not possible to log in when accessing the site via HTTPS, although it works fine with HTTP.

Steps to Reproduce
  1. Go to http://test.nawg.co.uk/login.
  2. Enter correct credentials.
  3. Click the "submit" button and observe the results.
  4. Log out.
  5. Repeat with https://test.nawg.co.uk/login.
Expected Behaviour

Logging in should work with both protocols.

Actual Behaviour

Logging in only works with HTTP. With HTTPS there's a CSRF token failure, example given below.

Forbidden (403)

CSRF verification failed. Request aborted.

Impact

Members are unable to log in securely.

Resolution:

[02-Apr-2026 Kevin] Adding the appropriate protocols/domains to the "CSRF_TRUSTED_ORIGINS" setting seems to resolve this. Only tested locally so far.

Reported by: Kevin Machin
Assigned to: Kevin Machin

Author: Kevin Machin ♦ Created: 01-Apr-2026 ♦ Access: public ♦ Issue: https-csrf-token-fail