diff --git a/docker-compose.yml b/docker-compose.yml
index 1b2bd52..75c6a3c 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -11,6 +11,7 @@ services:
     environment:
       - DEBUG=True
       - ALLOWED_HOSTS=*
+      - CSRF_TRUSTED_ORIGINS=https://raulrockbar.com.br,https://api.raulrockbar.com.br
 
     volumes:
       - /DATA/AppData/rrbec-api-django:/app
diff --git a/gestaoRaul/settings.py b/gestaoRaul/settings.py
index 7213c2e..07ead03 100644
--- a/gestaoRaul/settings.py
+++ b/gestaoRaul/settings.py
@@ -39,7 +39,11 @@ SECRET_KEY = os.getenv(
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = os.getenv("DEBUG", "True") == "True"
 
-ALLOWED_HOSTS = ["*"]
+CSRF_TRUSTED_ORIGINS = (
+    os.getenv("CSRF_TRUSTED_ORIGINS", "").split(",")
+    if os.getenv("CSRF_TRUSTED_ORIGINS")
+    else []
+)
 
 
 # Application definition