fix: add CSRF_TRUSTED_ORIGINS support via env var

2026-06-04 15:05:18 +10:00
parent 4f8ad25100
commit 3cf9c853a6
1 changed files with 4 additions and 0 deletions
@@ -30,6 +30,10 @@ DEBUG = (os.environ.get("DEBUG", default=False).lower() == 'true')

 ALLOWED_HOSTS = os.environ.get('ALLOWED_HOSTS').split(' ')

+# CSRF trusted origins — required when behind a reverse proxy with HTTPS
+_csrf_origins = os.environ.get('CSRF_TRUSTED_ORIGINS', '')
+CSRF_TRUSTED_ORIGINS = [o.strip() for o in _csrf_origins.split(',') if o.strip()]
+
 # Application definition

 INSTALLED_APPS = [