Compare commits

2 Commits

Author SHA1 Message Date
1a84b8eb99 Merge pull request 'config: add CSRF trusted origins for production domains' (#37) from feature/meetings into main
Reviewed-on: https://gitea.blackbusinesslabs.com/ATTUNE-HEART-THERAPY/alternative-backend-service/pulls/37
2025-11-25 18:28:53 +00:00
4f07d854e1 config: add CSRF trusted origins for production domains
Add CSRF_TRUSTED_ORIGINS setting to whitelist the production domains
(attunehearttherapy.com and its api subdomain) for CSRF verification.
This ensures secure cross-origin POST requests from the frontend.

Also add documentation comment for CORS configuration section.
2025-11-25 18:27:57 +00:00

@ -14,6 +14,7 @@ DEBUG = os.getenv('DEBUG', 'False').lower() == 'true'
ALLOWED_HOSTS = os.getenv('ALLOWED_HOSTS', '*').split(',') ALLOWED_HOSTS = os.getenv('ALLOWED_HOSTS', '*').split(',')
# CORS Configuration
CORS_ALLOWED_ORIGINS = [ CORS_ALLOWED_ORIGINS = [
'http://localhost:3000', 'http://localhost:3000',
'http://127.0.0.1:3000', 'http://127.0.0.1:3000',
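Review bot: the ALLOWED_HOSTS context line directly above the new "# CORS Configuration" comment still falls back to '*' when the environment variable is unset, so a production deploy that omits the variable accepts any Host header while this commit tightens origin checks elsewhere. Consider defaulting to the production hostnames, or refusing to start when DEBUG is false and ALLOWED_HOSTS is not set, and strip whitespace from each entry after split(','). The added comment is only a section label; if it is meant as documentation, say which origins belong in the list and that the localhost entries are for development.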
@ -22,6 +23,10 @@ CORS_ALLOWED_ORIGINS = [
CORS_ALLOW_CREDENTIALS = True CORS_ALLOW_CREDENTIALS = True
CSRF_TRUSTED_ORIGINS = [
'https://api.attunehearttherapy.com',
'https://attunehearttherapy.com'
]
INSTALLED_APPS = [ INSTALLED_APPS = [
'jazzmin', 'jazzmin',
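Review bot: CSRF_TRUSTED_ORIGINS is hard-coded in the settings module, while DEBUG and ALLOWED_HOSTS in the same file are read from the environment, so staging or a renamed domain needs a code change and the production origins are trusted in every environment, including local development. Suggest reading it from an environment variable with these two origins as the production value. Each entry relaxes Django's Origin/Referer check for unsafe requests from that origin, so keep the list to the frontends that actually POST to this service; 'https://api.attunehearttherapy.com' is presumably the API's own host and is only needed if Django does not see the request as HTTPS on that host (for example behind a TLS-terminating proxy without SECURE_PROXY_SSL_HEADER), which is worth confirming. Minor style point: add a trailing comma after 'https://attunehearttherapy.com' so later additions produce a one-line diff.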