# CSRF_TRUSTED_ORIGINS

* new in Django4: setting CSRF_TRUSTED_ORIGINS needs to be set to schema+host for new CSRF security handling
2023-11-28 12:59:40 +01:00 · 2023-11-28 12:59:40 +01:00 · fb67e42078
commit fb67e42078
parent 691292c325
1 changed files with 4 additions and 0 deletions
--- a/konova/sub_settings/django_settings.py
+++ b/konova/sub_settings/django_settings.py
@ -42,6 +42,10 @@ ALLOWED_HOSTS = [
    "localhost",
 ]

+CSRF_TRUSTED_ORIGINS = [
+    "http://localhost",  # not only host but schema (http/s) as well!
+]
+
 # Authentication settings
 LOGIN_URL = "/login/"