feat: configure CSRF_TRUSTED_ORIGINS via environment variables for production domains

2026-04-06 05:55:42 +00:00 · 2026-04-05 12:20:40 -03:00
parent aec59990a7
commit df83dac830
2 changed files with 6 additions and 1 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -11,6 +11,7 @@ services:
    environment:
      - DEBUG=True
      - ALLOWED_HOSTS=*
+      - CSRF_TRUSTED_ORIGINS=https://raulrockbar.com.br,https://api.raulrockbar.com.br

    volumes:
      - /DATA/AppData/rrbec-api-django:/app
--- a/gestaoRaul/settings.py
+++ b/gestaoRaul/settings.py
@@ -39,7 +39,11 @@ SECRET_KEY = os.getenv(
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = os.getenv("DEBUG", "True") == "True"

-ALLOWED_HOSTS = ["*"]
+CSRF_TRUSTED_ORIGINS = (
+    os.getenv("CSRF_TRUSTED_ORIGINS", "").split(",")
+    if os.getenv("CSRF_TRUSTED_ORIGINS")
+    else []
+)


 # Application definition