From 1fe7e34d61513a896c24f155378278b78f892a61 Mon Sep 17 00:00:00 2001
From: Frinze Lapuz <frinzekt@gmail.com>
Date: Sat, 19 Jul 2025 09:59:55 +0000
Subject: [PATCH 1/2] fixes for csrf

---
 server/api/settings.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/server/api/settings.py b/server/api/settings.py
index 789adcc..d0f3714 100644
--- a/server/api/settings.py
+++ b/server/api/settings.py
@@ -38,6 +38,11 @@
     else []
 )
 
+CSRF_TRUSTED_ORIGINS = (
+    "http://localhost:3000",
+    "http://127.0.0.1:3000",
+    os.environ.get("FRONTEND_URL"),
+)
 
 # Application definition
 
@@ -70,6 +75,7 @@
 CORS_ALLOWED_ORIGINS = [
     "http://localhost:3000",
     "http://127.0.0.1:3000",
+    os.environ.get("FRONTEND_URL")
 ]
 
 ROOT_URLCONF = "api.urls"

From b223cbd424b6cbe8ffa0f8df3544e8a43d561aa7 Mon Sep 17 00:00:00 2001
From: Frinze Lapuz <frinzekt@gmail.com>
Date: Sat, 19 Jul 2025 10:00:30 +0000
Subject: [PATCH 2/2] fix example prod evn

---
 .env.production.example | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.env.production.example b/.env.production.example
index f2cda5d..28be915 100644
--- a/.env.production.example
+++ b/.env.production.example
@@ -7,7 +7,7 @@ NEXT_PUBLIC_BACKEND_URL="https://robodrone.codersforcauses.com/api"
 # BACKEND
 APP_NAME=DjangoAPI
 API_SECRET_KEY= CHANGE THIS TO A RANDOM STRING
-API_ALLOWED_HOSTS=".localhost 127.0.0.1 [::1]"
+API_ALLOWED_HOSTS=".localhost 127.0.0.1 [::1] .codersforcauses.org"
 
 POSTGRES_HOST=db
 POSTGRES_NAME=postgres