From 226d50aa13c88d4f2ba57890ec3726c5b9d933dc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Odd=20Str=C3=A5b=C3=B8?=
Date: Tue, 18 Feb 2025 21:12:42 +0100
Subject: [PATCH] Fix CSRF trusted origins Force DJANGO_SECRET_KEY
---
 config/settings.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/config/settings.py b/config/settings.py
index 0461969..7321958 100644
--- a/config/settings.py
+++ b/config/settings.py
@@ -21,14 +21,14 @@
 # See https://docs.djangoproject.com/en/5.0/howto/deployment/checklist/
 # SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = os.getenv(
- "DJANGO_SECRET_KEY",
- "django-insecure-w^mv=r_(x-se8p#@i*dxfu1^*8$fci+116it+fkj*nx!o2h*r1",
-)
+SECRET_KEY = os.getenv("DJANGO_SECRET_KEY")
+assert SECRET_KEY, "DJANGO_SECRET_KEY env variable is required"
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = os.getenv("DJANGO_DEBUG", "False").lower() == "true"
 ALLOWED_HOSTS = os.getenv("DJANGO_HOSTS", "*").split(",")
+if ALLOWED_HOSTS[0] != "*":
+ CSRF_TRUSTED_ORIGINS = [f"https://{host}" for host in ALLOWED_HOSTS]
 # Application definition
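Review bot: The new guard `assert SECRET_KEY, "DJANGO_SECRET_KEY env variable is required"` is compiled out when Python runs with `-O` or `PYTHONOPTIMIZE`, so the required-key check should not rely on `assert`; prefer `if not SECRET_KEY: raise ImproperlyConfigured("DJANGO_SECRET_KEY env variable is required")` with `from django.core.exceptions import ImproperlyConfigured`. The removed `django-insecure-…` default remains in the repository history, so any deployment that may have run without `DJANGO_SECRET_KEY` set should rotate its key. On the `CSRF_TRUSTED_ORIGINS` lines, only `ALLOWED_HOSTS[0]` is compared with `"*"` and the entries are used unstripped, so a constructed value such as `a.example, b.example` (space after the comma) or a leading-dot entry like `.example.com` yields origins Django will not match, since subdomain wildcards there are written `https://*.example.com`; stripping each entry and translating or skipping wildcard forms would make the list reliable. The `ALLOWED_HOSTS` default of `"*"` is unchanged by this commit and still accepts any Host header when `DJANGO_HOSTS` is unset.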