diff --git a/.env.production.example b/.env.production.example
index f2cda5d..28be915 100644
--- a/.env.production.example
+++ b/.env.production.example
@@ -7,7 +7,7 @@ NEXT_PUBLIC_BACKEND_URL="https://robodrone.codersforcauses.com/api"
 # BACKEND
 APP_NAME=DjangoAPI
 API_SECRET_KEY= CHANGE THIS TO A RANDOM STRING
-API_ALLOWED_HOSTS=".localhost 127.0.0.1 [::1]"
+API_ALLOWED_HOSTS=".localhost 127.0.0.1 [::1] .codersforcauses.org"
 
 POSTGRES_HOST=db
 POSTGRES_NAME=postgres
diff --git a/server/api/settings.py b/server/api/settings.py
index 789adcc..d0f3714 100644
--- a/server/api/settings.py
+++ b/server/api/settings.py
@@ -38,6 +38,11 @@
     else []
 )
 
+CSRF_TRUSTED_ORIGINS = (
+    "http://localhost:3000",
+    "http://127.0.0.1:3000",
+    os.environ.get("FRONTEND_URL"),
+)
 
 # Application definition
 
@@ -70,6 +75,7 @@
 CORS_ALLOWED_ORIGINS = [
     "http://localhost:3000",
     "http://127.0.0.1:3000",
+    os.environ.get("FRONTEND_URL")
 ]
 
 ROOT_URLCONF = "api.urls"