From 6b1b2a122750313a74835faa1ed3e8c7fc131541 Mon Sep 17 00:00:00 2001
From: Eliot Berriot <contact@eliotberriot.com>
Date: Fri, 15 Dec 2017 23:10:42 +0100
Subject: [PATCH] Fixed #49: set CSRF_TRUSTED_ORIGINS from ALLOWED_HOSTS

---
 CHANGELOG                         | 8 +++++++-
 api/config/settings/production.py | 2 ++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG b/CHANGELOG
index dd6aa44ca..fdaa931b5 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -5,11 +5,17 @@ Changelog
 0.2.5 (unreleased)
 ------------------
 
+Features:
+
 - Import: can now specify search template when querying import sources (#45)
-- Player: better handling of errors when fetching the audio file (#46)
 - Login form: now redirect to previous page after login (#2)
 - 404: a decent 404 template, at least (#48)
 
+Bugfixes:
+
+- Player: better handling of errors when fetching the audio file (#46)
+- Csrf: default CSRF_TRUSTED_ORIGINS to ALLOWED_HOSTS to avoid Csrf issues on admin (#49)
+
 
 0.2.4 (2017-12-14)
 ------------------
diff --git a/api/config/settings/production.py b/api/config/settings/production.py
index a132076c7..ba02b5fd5 100644
--- a/api/config/settings/production.py
+++ b/api/config/settings/production.py
@@ -55,6 +55,8 @@ SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
 # Hosts/domain names that are valid for this site
 # See https://docs.djangoproject.com/en/1.6/ref/settings/#allowed-hosts
 ALLOWED_HOSTS = env.list('DJANGO_ALLOWED_HOSTS')
+CSRF_TRUSTED_ORIGINS = ALLOWED_HOSTS
+
 # END SITE CONFIGURATION
 
 INSTALLED_APPS += ("gunicorn", )
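Review bot: The added line `CSRF_TRUSTED_ORIGINS = ALLOWED_HOSTS` couples two settings that carry different trust meanings, and it binds both names to the same list object. ALLOWED_HOSTS decides which Host headers the site answers to, while CSRF_TRUSTED_ORIGINS decides which referers may submit unsafe requests over HTTPS, so a subdomain pattern (a leading-dot entry) added for serving also becomes a trusted CSRF origin, and a later in-place change to one list silently changes the other. I would keep the default but make it a copy that deployments can override, e.g. `CSRF_TRUSTED_ORIGINS = env.list('DJANGO_CSRF_TRUSTED_ORIGINS', default=list(ALLOWED_HOSTS))` (the variable name is only a suggestion), with a comment such as `# Defaults to ALLOWED_HOSTS; set explicitly if ALLOWED_HOSTS contains subdomain patterns`. The same comment could record that Django 4.0 and later expect scheme-qualified origins in this setting, so bare hostnames will need converting on upgrade.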
-- 
GitLab