From 0ad0a079b49eaef0c7b6c78057d6271fa483c187 Mon Sep 17 00:00:00 2001
From: yuetsh <517252939@qq.com>
Date: Tue, 4 Mar 2025 20:09:06 +0800
Subject: [PATCH] fix CSRF

---
 api/settings.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/api/settings.py b/api/settings.py
index 145bd4b..373e24e 100644
--- a/api/settings.py
+++ b/api/settings.py
@@ -28,8 +28,10 @@ DEBUG = os.getenv("ENV") != "production"
 
 if DEBUG:
     ALLOWED_HOSTS = ["localhost", "127.0.0.1"]
+    CSRF_TRUSTED_ORIGINS = ["http://localhost:3000"]
 else:
     ALLOWED_HOSTS = ["web.xuyue.cc"]
+    CSRF_TRUSTED_ORIGINS = ["https://web.xuyue.cc"]
 
 # Application definition