From 01b254e8ca332799febb43937d2a3439cefb2c30 Mon Sep 17 00:00:00 2001
From: jessikitty <jess.rogerson.29@outlook.com>
Date: Thu, 4 Jun 2026 15:05:34 +1000
Subject: [PATCH] fix: add CSRF_TRUSTED_ORIGINS to env example, remove Azure
 vars

---
 .env.example | 11 ++---------
 1 file changed, 2 insertions(+), 9 deletions(-)

diff --git a/.env.example b/.env.example
index a0f3946..af052e9 100644
--- a/.env.example
+++ b/.env.example
@@ -8,6 +8,8 @@ SECRET_KEY=change-me-to-a-long-random-string
 DEBUG=False
 # Space-separated list of allowed hosts/domains
 ALLOWED_HOSTS=localhost busmanager.yourdomain.com
+# Comma-separated list of trusted origins for CSRF (required when behind HTTPS reverse proxy)
+CSRF_TRUSTED_ORIGINS=https://busmanager.yourdomain.com
 
 # Database (Postgres - managed by Docker)
 SQL_DATABASE=busmanager
@@ -25,15 +27,6 @@ GUNICORN_TIMEOUT=120
 EMAIL_HOST=
 EMAIL_PORT=25
 
-# =============================================================
-# Optional: Azure AD SSO
-# Leave blank to use Django local auth instead
-# =============================================================
-AZURE_CLIENT_ID=
-AZURE_CLIENT_SECRET=
-AZURE_REDIRECT_URI=
-AZURE_AUTHORITY=
-
 # =============================================================
 # Optional: Telstra SMS API
 # Leave blank to disable SMS features