Add CSRF_TRUSTED_ORIGINS config

mysociety · Dec 7, 2023 · 91107b5 · 91107b5
1 parent ae8b33a
commit 91107b5
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 1 deletion.
diff --git a/conf/general.yml-example b/conf/general.yml-example
@@ -42,4 +42,8 @@ BUGS_EMAIL: 'example@example.org'
 EMAIL_SUBJECT_PREFIX: '[MapIt] '
 
 # Maximum number of results returned from /addressbase API call
-ADDRESSBASE_RESULTS_LIMIT: 100
+ADDRESSBASE_RESULTS_LIMIT: 100
+
+# List of origins that unsafe (e.g. POST) requests are accepted from
+# Should generally just be https://<vhost name>
+CSRF_TRUSTED_ORIGINS: []
diff --git a/labour_project/settings.py b/labour_project/settings.py
@@ -143,6 +143,7 @@ def allow_migrate(self, db, app_label, model_name=None, **hints):
 SECRET_KEY = config.get('DJANGO_SECRET_KEY', '')
 
 ALLOWED_HOSTS = ['*']
+CSRF_TRUSTED_ORIGINS = config.get('CSRF_TRUSTED_ORIGINS', [])
 
 TIME_ZONE = 'Europe/London'
 LANGUAGE_CODE = 'en-gb'