From e707cd109959cf77231465b0c4eee3232c810056 Mon Sep 17 00:00:00 2001
From: Injoon Hwang <injoon0617@gmail.com>
Date: Wed, 5 Jul 2023 14:07:12 +0000
Subject: [PATCH] Update CSRF trusted origins

---
 ara/settings/dev/__init__.py  | 5 ++++-
 ara/settings/prod/__init__.py | 4 ++--
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/ara/settings/dev/__init__.py b/ara/settings/dev/__init__.py
index 0da0bbc3..95599b31 100644
--- a/ara/settings/dev/__init__.py
+++ b/ara/settings/dev/__init__.py
@@ -7,7 +7,10 @@
 DEBUG = True
 
 ALLOWED_HOSTS = ["*"]
-CSRF_TRUSTED_ORIGINS = ["*"]
+CSRF_TRUSTED_ORIGINS = [
+    "https://*.sparcs.org",
+    "http://localhost",
+]
 
 CORS_ORIGIN_ALLOW_ALL = True
 
diff --git a/ara/settings/prod/__init__.py b/ara/settings/prod/__init__.py
index b115458a..8ba9fc30 100644
--- a/ara/settings/prod/__init__.py
+++ b/ara/settings/prod/__init__.py
@@ -10,8 +10,8 @@
 ]
 
 CSRF_TRUSTED_ORIGINS = [
-    "newara.sparcs.org",
-    "ara.sparcs.org",
+    "https://newara.sparcs.org",
+    "https://ara.sparcs.org",
 ]
 
 SSO_IS_BETA = False