From b799117342aac733983c021fa623fb6602fcb347 Mon Sep 17 00:00:00 2001
From: Danilo Bargen <mail@dbrgn.ch>
Date: Mon, 4 Nov 2024 00:46:52 +0100
Subject: [PATCH] Fix CSRF validation by setting CSRF_TRUSTED_ORIGINS (#17)

---
 config/settings.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/config/settings.py b/config/settings.py
index 430938c..d813372 100644
--- a/config/settings.py
+++ b/config/settings.py
@@ -51,6 +51,7 @@ def require_env(name):
 
 if DEBUG is False:
     ALLOWED_HOSTS = [env("ALLOWED_HOST", "reservations.coredump.ch")]
+    CSRF_TRUSTED_ORIGINS = [f"https://{host}" for host in ALLOWED_HOSTS]
 else:
     ALLOWED_HOSTS = []