From 30e21325271b3cf889d2f0debea241dd7bf9c544 Mon Sep 17 00:00:00 2001
From: Dmitriy Lyalyuev <dmitriy@lyalyuev.info>
Date: Fri, 14 Oct 2022 12:27:19 +0300
Subject: [PATCH] fix: csrf

---
 later42/settings.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/later42/settings.py b/later42/settings.py
index 8ab47e0..00ae201 100644
--- a/later42/settings.py
+++ b/later42/settings.py
@@ -25,8 +25,8 @@ SECRET_KEY = os.getenv('SECRET', 'django-insecure-c%g@wujt4dco#e%k-!25o3)0%t+wm5
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = os.getenv('DEBUG', 'False')
 
-ALLOWED_HOSTS = ['*']
-CSRF_TRUSTED_ORIGINS = ['*']
+ALLOWED_HOSTS = ['*', os.getenv('DOMAIN')]
+CSRF_TRUSTED_ORIGINS = ['https://' + os.getenv('DOMAIN', 'localhost')]
 
 
 # Application definition