authorMatthew Lemon <y@yulqen.org>2024-04-24 20:39:26 +0100
committerMatthew Lemon <y@yulqen.org>2024-04-24 20:39:26 +0100
commit1ca2e22563b57b1bb34d4ffad3a8ae1e527f342d (patch)
treebf93e64330f3e72a22bff5e944e495fdbf5faa08
parentc8d1b09f37be32cbda3c0f6cca2c241a1d20ad8e (diff)
Another fix for CSRF and loginrequired middleware
-rw-r--r--ded/settings.py5
1 files changed, 5 insertions, 0 deletions
diff --git a/ded/settings.py b/ded/settings.py
index b2b1da0..f9c3e8a 100644
--- a/ded/settings.py
+++ b/ded/settings.py
@@ -16,13 +16,18 @@ BASE_DIR = Path(__file__).resolve().parent.parent
# For staging (on OpenShift)
# was getting 403, CSRF verification failed error
+# doesn't work
CSRF_COOKIE_SECURE = True
SESSION_COOKIE_SECURE = True
+CSRF_TRUSTED_ORIGINS = [
+ 'https://*.apps.ocp1.azure.dso.digital.mod.uk',
+]
# Quick-start development settings - unsuitable for production
# See https://docs.djangoproject.com/en/4.0/howto/deployment/checklist/
# SECURITY WARNING: keep the secret key used in production secret!
+# TODO Replace with environment variable
SECRET_KEY = "django-insecure-z*tv24r*)-$q*l1=l64))qocs1x$*10c&6w_@ld^dw#=q#ndy2"
# SECURITY WARNING: don't run with debug turned on in production!
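Review bot: The wildcard entry added to `CSRF_TRUSTED_ORIGINS` trusts every host under `apps.ocp1.azure.dso.digital.mod.uk`, which on a shared cluster apps domain presumably includes applications other than this one, so Django's origin check no longer distinguishes this app from its neighbours. Listing only this deployment's own route, e.g. `'https://<this-app-route>.apps.ocp1.azure.dso.digital.mod.uk',` (placeholder host), keeps the fix for the 403 while leaving the check meaningful. The new `# doesn't work` comment does not say which setting failed or how; something like `# CSRF_COOKIE_SECURE alone did not clear the 403; trusted origin added below` would record it, with the wording to be confirmed by the author. The `SECRET_KEY` literal stays committed behind the new TODO, so the value should be treated as disclosed: rotate it and load it from the environment, for example `SECRET_KEY = os.environ["SECRET_KEY"]`, which needs `import os` if the file does not already have it.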