These lines in your settings.py file are great for production because you are using an SSL certificate attached to your domain. However, at the local level you are probably using http://localhost:8000 or something similar. If you try to connect via https://localhost:{{YOUR_PORT_NUMBER}} , you will most likely get an error, for example ERR_SSL_PROTOCOL_ERROR .
The problem is lines 167-168 of django / django / middleware / csrf.py. When you use https for production, request.is_secure() returns True ..., which requires that HTTP_REFERER also True, or you will receive an error message.
One solution would be to customize your settings.py file depending on whether you are in a local or production environment . Thus, you can add these three lines to the settings_production.py file, which imports other parameters that are common to localhost and your production server. Your localhost will use a different set of parameters that do not include these lines.