From d26196a7f1827e1a4ad9bd3f4b91fd2f5bfbb57e Mon Sep 17 00:00:00 2001
From: Disco DeDisco <adamcraighamilton@gmail.com>
Date: Wed, 18 Feb 2026 23:32:43 -0500
Subject: [PATCH] added CSRF_TRUSTED_ORIGINS to core.settings, now that https
 added

---
 src/core/settings.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/core/settings.py b/src/core/settings.py
index 9a3ecd9..3a1c3ae 100644
--- a/src/core/settings.py
+++ b/src/core/settings.py
@@ -27,6 +27,7 @@ if 'DJANGO_DEBUG_FALSE' in os.environ:
     DEBUG = False
     SECRET_KEY = os.environ['DJANGO_SECRET_KEY']
     ALLOWED_HOSTS = [host.strip() for host in os.environ['DJANGO_ALLOWED_HOST'].split(',')]
+    CSRF_TRUSTED_ORIGINS = [f'https://{host.strip()}' for host in os.environ['DJANGO_ALLOWED_HOST'].split(',')]
 else:
     DEBUG = True
     # SECURITY WARNING: keep the secret key used in production secret!