diff --git a/later42/settings.py b/later42/settings.py
index 8ab47e0..00ae201 100644
--- a/later42/settings.py
+++ b/later42/settings.py
@@ -25,8 +25,8 @@ SECRET_KEY = os.getenv('SECRET', 'django-insecure-c%g@wujt4dco#e%k-!25o3)0%t+wm5
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = os.getenv('DEBUG', 'False')
 
-ALLOWED_HOSTS = ['*']
-CSRF_TRUSTED_ORIGINS = ['*']
+ALLOWED_HOSTS = ['*', os.getenv('DOMAIN')]
+CSRF_TRUSTED_ORIGINS = ['https://' + os.getenv('DOMAIN', 'localhost')]
 
 
 # Application definition