From bee63dd3e7e2304e8b90f423f29da7c42b3472dd Mon Sep 17 00:00:00 2001
From: Somraj-234 <jadhavsomraj234@gmail.com>
Date: Fri, 16 Aug 2024 23:25:24 +0530
Subject: [PATCH] added csrf settings

---
 src/sjhome/settings.py | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/sjhome/settings.py b/src/sjhome/settings.py
index ec6405c..d069801 100644
--- a/src/sjhome/settings.py
+++ b/src/sjhome/settings.py
@@ -57,6 +57,17 @@
 BASE_URL = config("BASE_URL", default=None)
 # print("DEBUG", DEBUG, type(DEBUG))
 
+CSRF_TRUSTED_ORIGINS = [
+    "https://sass-demo-production.up.railway.app",
+    ".railway.app"
+]
+
+SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
+
+CSRF_COOKIE_SECURE = True
+SESSION_COOKIE_SECURE = True
+
+
 ALLOWED_HOSTS = [ 
     "sass-demo-production.up.railway.app",
     ".railway.app" # https://saas.prod.railway.app