From 14a10d943866ee9533f6076b6c9c20ca4c73a1cb Mon Sep 17 00:00:00 2001
From: imperosol
Date: Sat, 25 Jan 2025 23:26:24 +0100
Subject: [PATCH] add CSRF_TRUSTED_ORIGINS to settings
---
 .env.example | 3 +++
 sith/settings.py | 1 +
 2 files changed, 4 insertions(+)
diff --git a/.env.example b/.env.example
index 266af2a1..0f716d8a 100644
--- a/.env.example
+++ b/.env.example
@@ -4,6 +4,9 @@ DEBUG=true
 # This is not the real key used in prod
 SECRET_KEY=(4sjxvhz@m5$0a$j0_pqicnc$s!vbve)z+&++m%g%bjhlz4+g2
+# comma-separated values
+CSRF_TRUSTED_ORIGINS=
+
 DATABASE_URL=sqlite:///db.sqlite3
 # uncomment the next line if you want to use a postgres database
 #DATABASE_URL=postgres://user:password@127.0.0.1:5432/sith
diff --git a/sith/settings.py b/sith/settings.py
index 329fb2ae..45ba79f1 100644
--- a/sith/settings.py
+++ b/sith/settings.py
@@ -65,6 +65,7 @@ INTERNAL_IPS = ["127.0.0.1"]
 # force csrf tokens and cookies to be secure when in https
 CSRF_COOKIE_SECURE = env.bool("HTTPS", default=True)
+CSRF_TRUSTED_ORIGINS = env.list("CSRF_TRUSTED_ORIGINS", default=[])
 SESSION_COOKIE_SECURE = env.bool("HTTPS", default=True)
 X_FRAME_OPTIONS = "SAMEORIGIN"
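Review bot: The comment added above `CSRF_TRUSTED_ORIGINS=` says only "comma-separated values" and gives the operator no idea what a valid entry looks like. If the project runs Django 4.0 or later, every entry has to carry its scheme, and each listed origin is accepted as a source of unsafe (POST-type) requests, so the example file is the natural place to state both. I would write `# comma-separated origins with scheme, e.g. https://sith.example.org; list only origins that must be able to POST to this site`. The host in that comment is a constructed placeholder.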
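Review bot: The added `CSRF_TRUSTED_ORIGINS` line sits between `CSRF_COOKIE_SECURE` and `SESSION_COOKIE_SECURE`, directly under the comment `# force csrf tokens and cookies to be secure when in https`, which describes the two cookie flags and not an origin allow-list. Moving it below `SESSION_COOKIE_SECURE` with its own comment keeps the intent readable, for example `# extra origins (scheme://host) accepted for unsafe requests; leave empty unless a proxy or separate frontend needs it`. The list is taken from the environment as-is, so it would also help to note that a wildcard entry such as `https://*.example.org` (constructed host) extends CSRF trust to every subdomain. The settings module continues outside the hunk, so how `env` parses an empty value is not visible here and is worth confirming against the empty default in `.env.example`.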