From dd5bfc3bfc7dd00f28fc14ccd49f4b8ae785e3b9 Mon Sep 17 00:00:00 2001
From: rolandpo <rolopod@gmail.com>
Date: Tue, 4 Apr 2023 16:00:22 +0200
Subject: [PATCH] remove csrf exemption

---
 eagleproject/core/views.py            | 2 --
 eagleproject/eagleproject/settings.py | 2 ++
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/eagleproject/core/views.py b/eagleproject/core/views.py
index ed693604..e8364b49 100644
--- a/eagleproject/core/views.py
+++ b/eagleproject/core/views.py
@@ -7,7 +7,6 @@
 from django.core.exceptions import ValidationError
 from django.core.validators import validate_email
 
-from django.views.decorators.csrf import csrf_exempt
 import random
 from django.template.loader import render_to_string
 
@@ -851,7 +850,6 @@ def generate_token():
     return "%0.12d" % random.randint(0, 999999999999)
 
 
-@csrf_exempt
 def subscribe(request):
     latest_report_url = request.build_absolute_uri('/reports/weekly')
     if request.method == 'POST':
diff --git a/eagleproject/eagleproject/settings.py b/eagleproject/eagleproject/settings.py
index 8ac811cb..a66eac6b 100644
--- a/eagleproject/eagleproject/settings.py
+++ b/eagleproject/eagleproject/settings.py
@@ -60,6 +60,8 @@
 
 ALLOWED_HOSTS = [env("ALLOWED_HOST"), "analytics.ousd.com"]
 
+CSRF_TRUSTED_ORIGINS = ["https://analytics.ousd.com"]
+
 
 # Application definition