CSRF_TRUSTED_ORIGINS setting to enhance security (#857)

Hesbon5600 · web-flow · commit fe706305de61 · 2025-01-29T07:11:41.000+13:00
diff --git a/{{cookiecutter.project_slug}}/{{cookiecutter.project_slug}}/settings.py b/{{cookiecutter.project_slug}}/{{cookiecutter.project_slug}}/settings.py
@@ -68,6 +68,8 @@
 ALLOWED_HOSTS = env.list("HOST", default=["*"])
 SITE_ID = 1
 
+CSRF_TRUSTED_ORIGINS = env.list("CSRF_TRUSTED_ORIGINS", default=[])
+
 SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
 SECURE_SSL_REDIRECT = env.bool("SECURE_REDIRECT", default=False)
 
