From f342a0049645c44747f156395506dd0baa29246d Mon Sep 17 00:00:00 2001
From: jumagu <jmgg.gutierrez@gmail.com>
Date: Mon, 30 Dec 2024 17:14:59 -0500
Subject: [PATCH] fix: update allowed hosts and CSRF settings for production
 environment

---
 src/home/settings.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/home/settings.py b/src/home/settings.py
index 1a8074d..39ccee1 100644
--- a/src/home/settings.py
+++ b/src/home/settings.py
@@ -49,17 +49,20 @@
 BASE_URL = config('BASE_URL', default=None)
 
 ALLOWED_HOSTS = [
-    '.railway.app', # https://saas.prod.railway.app
+    'django-saas-prod.up.railway.app',
 ]
 if DEBUG:
     ALLOWED_HOSTS += [
         '127.0.0.1',
         'localhost',
+        'django-saas-prod.up.railway.app',
     ]
 
+CSRF_TRUSTED_ORIGINS = ['https://django-saas-prod.up.railway.app']
+CSRF_ALLOWED_ORIGINS = ['https://django-saas-prod.up.railway.app']
+CORS_ORIGINS_WHITELIST = ['https://django-saas-prod.up.railway.app']
 
 # Application definition
-
 INSTALLED_APPS = [
     # django-apps
     'django.contrib.admin',