From 82bb8328c48584e242d6f3127d2225425d34331c Mon Sep 17 00:00:00 2001
From: bartool <bartoolina@gmail.com>
Date: Sat, 29 Nov 2025 23:08:35 +0100
Subject: [PATCH] add CSRF trusted origins to settings and docker-compose
 environment

---
 backand/MPM/settings.py | 3 +++
 docker-compose.yml      | 4 ++++
 2 files changed, 7 insertions(+)

diff --git a/backand/MPM/settings.py b/backand/MPM/settings.py
index 11623f1..48c46ce 100644
--- a/backand/MPM/settings.py
+++ b/backand/MPM/settings.py
@@ -128,6 +128,9 @@ STATIC_ROOT = BASE_DIR / "staticfiles"
 USE_X_FORWARDED_HOST = True
 SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
 
+# CSRF Trusted Origins
+CSRF_TRUSTED_ORIGINS = os.getenv("CSRF_TRUSTED_ORIGINS", "").split(",")
+
 # Default primary key field type
 # https://docs.djangoproject.com/en/5.2/ref/settings/#default-auto-field
 
diff --git a/docker-compose.yml b/docker-compose.yml
index 2a96c27..3943998 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -6,6 +6,10 @@ services:
       dockerfile: Dockerfile
     env_file:
       - ./backand/.env
+    environment:
+      - HOSTS=bartool.ovh,localhost
+      - CSRF_TRUSTED_ORIGINS=https://bartool.ovh
+      - NODE_ENV=production
     volumes:
       - static_content:/app/staticfiles
     ports: