fix: add support for trusted CSRF origins so admin forms work again (#108)

Author: corp-0

example.env

@@ -18,3 +18,6 @@ DB_PORT=5432
 WEBSITE_URL = http://localhost:8000
 PASS_RESET_URL_SUFFIX = reset-password/
 ACCOUNT_CONFIRMATION_URL_SUFFIX = confirm-email/
+
+# trusted origins
+CSRF_TRUSTED_ORIGINS=http://localhost:8000,https://prod-api.unitystation.org,https://dev-api.unitystation.org

src/central_command/settings.py

@@ -38,6 +38,9 @@
 
 ALLOWED_HOSTS = ["*"] if DEBUG else ["localhost", "127.0.0.1"]
 
+_csrf_origins = os.environ.get("CSRF_TRUSTED_ORIGINS", "")
+CSRF_TRUSTED_ORIGINS = [origin.strip() for origin in _csrf_origins.split(",") if origin.strip()]
+
 INSTALLED_APPS = [
     "django.contrib.admin",
     "django.contrib.auth",