From 49a8d3e984479f891ac81fe90b4a7ac57ee59a64 Mon Sep 17 00:00:00 2001
From: Flo Ha <flo.ha@posteo.net>
Date: Sun, 16 Oct 2022 16:42:32 +0200
Subject: [PATCH] dynamically determine CSRF trusted origins

---
 financeproject/settings.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/financeproject/settings.py b/financeproject/settings.py
index 182af7e..2dcdc86 100644
--- a/financeproject/settings.py
+++ b/financeproject/settings.py
@@ -36,8 +36,8 @@ if PRODUCTION:
     SECRET_KEY = _get_env_secret_key()
     DEBUG = False
     ALLOWED_HOSTS = _get_env_allowed_hosts()
+    CSRF_TRUSTED_ORIGINS = [f"https://{host}" for host in ALLOWED_HOSTS]
     STATIC_ROOT = _get_env_static_root()
-    CSRF_TRUSTED_ORIGINS = ["https://finance.schokobier.de", ]
 else:
     SECRET_KEY = "QetNMYdSKo3kefmltcEeAu52HbyZBxXsROiYesIEwYwnX0rCuv"
     DEBUG = True