Django 1.11.X - csrf hints when using requests to make direct view requests over https

Michael McDaniels

Apr 24, 2019, 1:02:08 PM
to Django users
When using the requests module to construct Django view requests over https, ensure you use lower case in your ALLOWED_HOSTS and/or CSRF_TRUSTED_ORIGINS in settings.py. The module 'django.middleware.csrf' calls 'is_same_domain()' from 'django.utils.http', which does a 'lower()' on the host portion only, but the 'netloc' field of the referer object is extracted from the full domain name and remains upper case. In the host naming convention, case is irrelevant. However, since 'is_same_domain()' does not correct both strings before comparison, this simple mistake in your configuration may result in the REASON_BAD_REFERER error.
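A small model of the comparison the post describes, added here as an illustration and not Django's own source: the function names, the sample trusted origins and the Referer values are constructed. It shows a mixed-case Referer netloc failing against lower-case trusted origins when only one side is lower-cased, and a variant that normalises both sides before comparing.

```python
"""Model of the Referer-vs-trusted-origins check described in the post.
Simplified stand-in, not django.utils.http.is_same_domain itself."""
from urllib.parse import urlparse

# Constructed settings: already lower case, as the post recommends.
CSRF_TRUSTED_ORIGINS = ['example.com', '.api.example.com']


def is_same_domain_one_sided(host, pattern):
    """Comparison as the post describes it: only one side (the configured
    pattern) is lower-cased; the host string is compared exactly as given.
    A leading '.' in the pattern matches the domain and its subdomains."""
    if not pattern:
        return False
    pattern = pattern.lower()
    return (
        pattern[0] == '.' and (host.endswith(pattern) or host == pattern[1:])
        or pattern == host
    )


def is_same_domain_normalised(host, pattern):
    """Hardened variant: DNS names are case-insensitive, so lower-case the
    host side too before delegating to the same matching rules."""
    return is_same_domain_one_sided(host.lower(), pattern)


def referer_allowed(referer, trusted_origins, check=is_same_domain_one_sided):
    """True if the Referer header value matches any trusted origin.
    urlparse().netloc keeps whatever case the client sent (unlike
    urlparse().hostname, which the stdlib already lower-cases), so a
    client sending 'https://Example.COM/' is compared with 'Example.COM'."""
    netloc = urlparse(referer).netloc
    return any(check(netloc, origin) for origin in trusted_origins)


if __name__ == '__main__':
    for ref in ('https://example.com/login/', 'https://Example.COM/login/',
                'https://Shop.API.example.com/cart/'):
        print(ref,
              'one-sided:', referer_allowed(ref, CSRF_TRUSTED_ORIGINS),
              'normalised:', referer_allowed(ref, CSRF_TRUSTED_ORIGINS,
                                             is_same_domain_normalised))
```

Normalising the client side as well removes the dependence on how the requests caller spelled the host, without loosening the origin list.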