From 26fd76670e421d042c5dcb8b7f0cadce6db2d1f3 Mon Sep 17 00:00:00 2001
From: SejiL <mohammadsajjadasaadi@gmail.com>
Date: Tue, 7 Jun 2022 10:39:23 +0430
Subject: [PATCH] Fixed CSRF problem

---
 configuration/configuration.py | 4 +++-
 env/netbox.env                 | 1 +
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/configuration/configuration.py b/configuration/configuration.py
index 1db6051..9872c69 100644
--- a/configuration/configuration.py
+++ b/configuration/configuration.py
@@ -34,6 +34,8 @@ _BASE_DIR = dirname(dirname(abspath(__file__)))
 #
 # Example: ALLOWED_HOSTS = ['netbox.example.com', 'netbox.internal.local']
 ALLOWED_HOSTS = environ.get('ALLOWED_HOSTS', '*').split(' ')
+# Example: CSRF_TRUSTED_ORIGINS = http://netbox.example.com/*
+CSRF_TRUSTED_ORIGINS = environ.get('CSRF_TRUSTED_ORIGINS', '').split(' ')
 
 # PostgreSQL database configuration. See the Django documentation for a complete list of available parameters:
 #   https://docs.djangoproject.com/en/stable/ref/settings/#databases
@@ -82,7 +84,7 @@ SECRET_KEY = _read_secret('secret_key', environ.get('SECRET_KEY', ''))
 
 
 #########################
-#                       #
+#                       #http://localhost
 #   Optional settings   #
 #                       #
 #########################
diff --git a/env/netbox.env b/env/netbox.env
index 456cac9..08b71a7 100644
--- a/env/netbox.env
+++ b/env/netbox.env
@@ -1,4 +1,5 @@
 CORS_ORIGIN_ALLOW_ALL=True
+CSRF_TRUSTED_ORIGINS=http://netbox.example.com/*
 DB_HOST=postgres
 DB_NAME=netbox
 DB_PASSWORD=J5brHrAXFLQSif0K