From e9749650f1bc86b5470129a52e707880da6a5adf Mon Sep 17 00:00:00 2001
From: Kaladaran <tomvillette@gmail.com>
Date: Sun, 29 Oct 2023 23:35:41 +0100
Subject: [PATCH] fix csrf check

---
 .env.template      | 1 +
 marbas/settings.py | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/.env.template b/.env.template
index 32e205e..bad4714 100644
--- a/.env.template
+++ b/.env.template
@@ -18,3 +18,4 @@ POSTGRES_DB=
 DRF_SECRET_KEY=
 DRF_DEBUG=
 ALLOWED_HOSTS=
+CSRF_TRUSTED_ORIGINS=
\ No newline at end of file
diff --git a/marbas/settings.py b/marbas/settings.py
index b18883d..d7e4424 100644
--- a/marbas/settings.py
+++ b/marbas/settings.py
@@ -28,7 +28,8 @@ DEBUG = os.getenv("DRF_DEBUG", False) == "True"
 
 ALLOWED_HOSTS = os.environ.get("ALLOWED_HOSTS", "").split(",")
 ALLOWED_HOSTS = [] if not any(ALLOWED_HOSTS) else ALLOWED_HOSTS
-CSRF_TRUSTED_ORIGINS = ALLOWED_HOSTS
+CSRF_TRUSTED_ORIGINS = os.environ.get("CSRF_TRUSTED_ORIGINS", "").split(",")
+CSRF_TRUSTED_ORIGINS = [] if not any(CSRF_TRUSTED_ORIGINS) else CSRF_TRUSTED_ORIGINS
 
 # Application definition