From 3cf9c853a6c2e0453f074bce5eeb4ad51e893764 Mon Sep 17 00:00:00 2001
From: jessikitty <jess.rogerson.29@outlook.com>
Date: Thu, 4 Jun 2026 15:05:18 +1000
Subject: [PATCH] fix: add CSRF_TRUSTED_ORIGINS support via env var

---
 busManager/busManager/settings.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/busManager/busManager/settings.py b/busManager/busManager/settings.py
index 9dbcc1a..1d1ef84 100644
--- a/busManager/busManager/settings.py
+++ b/busManager/busManager/settings.py
@@ -30,6 +30,10 @@ DEBUG = (os.environ.get("DEBUG", default=False).lower() == 'true')
 
 ALLOWED_HOSTS = os.environ.get('ALLOWED_HOSTS').split(' ')
 
+# CSRF trusted origins — required when behind a reverse proxy with HTTPS
+_csrf_origins = os.environ.get('CSRF_TRUSTED_ORIGINS', '')
+CSRF_TRUSTED_ORIGINS = [o.strip() for o in _csrf_origins.split(',') if o.strip()]
+
 # Application definition
 
 INSTALLED_APPS = [