Trusted origins needed for CSRF (https://stackoverflow.com/a/70509982)

2023-10-27 08:30:08 +01:00 · 2023-10-27 08:30:08 +01:00 · 68e28d2e92
commit 68e28d2e92
parent 4f0b1c44cb
1 changed files with 2 additions and 0 deletions
--- a/mwmbl/settings_prod.py
+++ b/mwmbl/settings_prod.py
@ -12,6 +12,8 @@ DATABASES = {'default': dj_database_url.config(default=os.environ["DATABASE_URL"

 DEBUG = False
 ALLOWED_HOSTS = ["api.mwmbl.org", "mwmbl.org", "beta.mwmbl.org"]
+CSRF_TRUSTED_ORIGINS = list(ALLOWED_HOSTS)
+

 DATA_PATH = "/app/storage"
 RUN_BACKGROUND_PROCESSES = False