Add concord.org to CSRF trusted origins

This will allow requests from embedded instances of MMW from inside concord.org to succeed. Refs #3499
WikiWatershed · Mar 9, 2022 · 3e779ed · 3e779ed
1 parent 40888b9
commit 3e779ed
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/src/mmw/mmw/settings/production.py b/src/mmw/mmw/settings/production.py
@@ -103,3 +103,12 @@
 # django-cookies-samesite
 SESSION_COOKIE_SAMESITE = 'None'  # Allows for cross site embedding into LARA
 SESSION_COOKIE_SECURE = True      # Only set cookies in HTTPS connections
+
+# CSRF
+CSRF_TRUSTED_ORIGINS = [
+    '.modelmywatershed.org',
+    '.concord.org'
+]
+
+CSRF_COOKIE_SAMESITE = 'None'  # Allow for embedding into Concord
+CSRF_COOKIE_SECURE = True      # Only set cookies in HTTPS connections