From f25c3b3b30d3497a61fb2508e92165f865ef9fef Mon Sep 17 00:00:00 2001
From: e <6410762+e-mit@users.noreply.github.com>
Date: Wed, 26 Jun 2024 23:30:26 +0100
Subject: [PATCH] Change CSRF settings
---
 django_app/django_app/settings.py | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/django_app/django_app/settings.py b/django_app/django_app/settings.py
index adc159c..f87c12b 100644
--- a/django_app/django_app/settings.py
+++ b/django_app/django_app/settings.py
@@ -134,3 +134,13 @@ STATICFILES_DIRS = [
 BASE_DIR / 'project_static'
 ]
+
+# CSRF setup
+
+if not DEBUG:
+ CSRF_TRUSTED_ORIGINS = [f'https://{x}' for x in ALLOWED_HOSTS]
+ SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
+
+# These are for https only:
+# CSRF_COOKIE_SECURE = True
+# SESSION_COOKIE_SECURE = True
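Review bot: The production branch builds `https://` origins and trusts `X-Forwarded-Proto`, yet `CSRF_COOKIE_SECURE` and `SESSION_COOKIE_SECURE` stay commented out at the end of the hunk, so the session and CSRF cookies are still issued without the Secure flag and can travel over plain HTTP. Since the `if not DEBUG:` block already assumes HTTPS, set both there: `CSRF_COOKIE_SECURE = True` and `SESSION_COOKIE_SECURE = True`. `SECURE_PROXY_SSL_HEADER` is only safe when the front proxy strips or overwrites `X-Forwarded-Proto` on every request; otherwise a client can supply the header itself and make `request.is_secure()` return true, so a comment such as `# requires the reverse proxy to overwrite X-Forwarded-Proto` belongs next to it. The comprehension over `ALLOWED_HOSTS` also yields origins that will not match for entries like `'*'` or `'.example.com'` (CSRF origins use the `https://*.example.com` form), and `ALLOWED_HOSTS` is defined outside this hunk, so confirm it holds only plain hostnames.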