add CSRF_TRUSTED_ORIGINS to settings

2025-01-30 19:01:13 +00:00 · 2025-01-25 23:26:24 +01:00 · 2025-01-25 23:26:24 +01:00 · 14a10d9438
commit 14a10d9438
parent f29572a516
2 changed files with 4 additions and 0 deletions
--- a/.env.example
+++ b/.env.example
@ -4,6 +4,9 @@ DEBUG=true
 # This is not the real key used in prod
 SECRET_KEY=(4sjxvhz@m5$0a$j0_pqicnc$s!vbve)z+&++m%g%bjhlz4+g2

+# comma-separated values
+CSRF_TRUSTED_ORIGINS=
+
 DATABASE_URL=sqlite:///db.sqlite3
 # uncomment the next line if you want to use a postgres database
 #DATABASE_URL=postgres://user:password@127.0.0.1:5432/sith
--- a/sith/settings.py
+++ b/sith/settings.py
@ -65,6 +65,7 @@ INTERNAL_IPS = ["127.0.0.1"]

 # force csrf tokens and cookies to be secure when in https
 CSRF_COOKIE_SECURE = env.bool("HTTPS", default=True)
+CSRF_TRUSTED_ORIGINS = env.list("CSRF_TRUSTED_ORIGINS", default=[])
 SESSION_COOKIE_SECURE = env.bool("HTTPS", default=True)
 X_FRAME_OPTIONS = "SAMEORIGIN"