On Thu 09 Apr 2026 at 09:37, Einar Bjarni Halldórsson via Nav-users nav-users@lister.sikt.no wrote:

The haproxy frontend is TLS while the connection to the NAV backend is http (it's on the same host for reasons).

I've tried various suggestions for django csrf behind a reverse-proxy, including adding "http-request set-header X-Forwarded-Proto https" to haproxy frontend without success.

There are various django config options that are suggested, but those are not exposed through the nav.conf file.

Hi, Einar, you seem to be using the NAV web frontend in a configuration we have not attempted before, so this is new territory.

It does seem you will need something like these Django config settings in order to make this work:

SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') CSRF_TRUSTED_ORIGINS = ['https://nav.example.com'] # your actual outward hostname

As you've noticed, these are not exposed in any NAV configuration file, so your only option is to use NAV's "local Django settings" mechanism to add your custom Django settings:

https://nav.readthedocs.io/en/latest/hacking/extending-nav-locally.html#djan...