From 1b3ae6340068ab6c1e3bb61ddefcfa94799706d1 Mon Sep 17 00:00:00 2001
From: Samuel Young <samuel.young@softwire.com>
Date: Mon, 30 Dec 2024 16:37:26 +0000
Subject: [PATCH] PC-1294: specify csrf trusted origins

use the BASE_URL environment variable to make this work across environments
---
 help_to_heat/settings.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/help_to_heat/settings.py b/help_to_heat/settings.py
index 1c6dffb6..c4f060ac 100644
--- a/help_to_heat/settings.py
+++ b/help_to_heat/settings.py
@@ -258,6 +258,8 @@ def show_toolbar(request):
 
 TOTP_ISSUER = "Help to Heat Supplier Portal"
 
+CSRF_TRUSTED_ORIGINS = [BASE_URL]
+
 if not DEBUG:
     SESSION_COOKIE_SECURE = True
     SESSION_EXPIRE_AT_BROWSER_CLOSE = True