# CSRF_TRUSTED_ORIGINS

* new in Django4: setting CSRF_TRUSTED_ORIGINS needs to be set to schema+host for new CSRF security handling

konova/sub_settings/django_settings.py

@@ -42,6 +42,10 @@ ALLOWED_HOSTS = [
     "localhost",
 ]
 
+CSRF_TRUSTED_ORIGINS = [
+    "http://localhost",  # not only host but schema (http/s) as well!
+]
+
 # Authentication settings
 LOGIN_URL = "/login/"