From aa32494ce6477918ef02b4c4933f7e0146ab8969 Mon Sep 17 00:00:00 2001
From: Flo Ha <flo.ha@posteo.net>
Date: Wed, 13 Jul 2022 14:41:31 +0200
Subject: [PATCH] configure csrf

---
 gaehsnitzproject/settings.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/gaehsnitzproject/settings.py b/gaehsnitzproject/settings.py
index c2f6c1f..8db2150 100644
--- a/gaehsnitzproject/settings.py
+++ b/gaehsnitzproject/settings.py
@@ -33,6 +33,7 @@ if PRODUCTION:
     SECRET_KEY = _get_env_secret_key()
     DEBUG = False
     ALLOWED_HOSTS = _get_env_allowed_hosts()
+    CSRF_TRUSTED_ORIGINS = [f"https://{host}" for host in ALLOWED_HOSTS]
     STATIC_ROOT = _get_env_static_root()
 else:
     SECRET_KEY = "LqKSgoFtED4IFYxf01lBi5MEI4ExSayCakwLjyuzytDJ7vuMq9"
@@ -53,6 +54,7 @@ MIDDLEWARE = [
     "django.middleware.security.SecurityMiddleware",
     "django.middleware.common.CommonMiddleware",
     "django.middleware.clickjacking.XFrameOptionsMiddleware",
+    "django.middleware.csrf.CsrfViewMiddleware",
     "django.contrib.sessions.middleware.SessionMiddleware",
     "django.contrib.auth.middleware.AuthenticationMiddleware",
     "django.contrib.messages.middleware.MessageMiddleware",