feat: update CORS and CSRF trusted origins for improved security

2025-12-05 12:52:52 +00:00 · 2025-12-05 12:52:52 +00:00 · 4017ceac51
commit 4017ceac51
parent ee8239aa1f
1 changed files with 5 additions and 2 deletions
--- a/booking_system/settings.py
+++ b/booking_system/settings.py
@ -15,14 +15,17 @@ DEBUG = os.getenv('DEBUG', 'False').lower() == 'true'
 ALLOWED_HOSTS = os.getenv('ALLOWED_HOSTS', '*').split(',')

 CORS_ALLOWED_ORIGINS = [
-    'https://attunehearttherapy.com'
+    'https://attunehearttherapy.com',
+    'https://www.attunehearttherapy.com',
+    'https://api.attunehearttherapy.com',
 ]

 CORS_ALLOW_CREDENTIALS = True

 CSRF_TRUSTED_ORIGINS = [
    'https://api.attunehearttherapy.com',
-    'https://attunehearttherapy.com'
+    'https://attunehearttherapy.com',
+    'https://www.attunehearttherapy.com',
 ]

 INSTALLED_APPS = [