Django 4.0 and above
For Django 4.0 and above, CSRF_TRUSTED_ORIGINS must include scheme and host, e.g.:
CSRF_TRUSTED_ORIGINS = ['https://front.bluemix.net']
Django 3.2 and lower
For Django 3.2 and lower, CSRF_TRUSTED_ORIGINS must contain only the hostname, without a scheme:
CSRF_TRUSTED_ORIGINS = ['front.bluemix.net']
You probably also need to put something in ALLOWED_HOSTS...