From 4017ceac512595e3ce3ca8b13aa1b607eabf23da Mon Sep 17 00:00:00 2001
From: saani <saani@BlackBusinessLabs.com>
Date: Fri, 5 Dec 2025 12:52:52 +0000
Subject: [PATCH] feat: update CORS and CSRF trusted origins for improved
 security

---
 booking_system/settings.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/booking_system/settings.py b/booking_system/settings.py
index bcc70e3..029c7bb 100644
--- a/booking_system/settings.py
+++ b/booking_system/settings.py
@@ -15,14 +15,17 @@ DEBUG = os.getenv('DEBUG', 'False').lower() == 'true'
 ALLOWED_HOSTS = os.getenv('ALLOWED_HOSTS', '*').split(',')
 
 CORS_ALLOWED_ORIGINS = [
-    'https://attunehearttherapy.com'
+    'https://attunehearttherapy.com',
+    'https://www.attunehearttherapy.com',
+    'https://api.attunehearttherapy.com',
 ]
 
 CORS_ALLOW_CREDENTIALS = True
 
 CSRF_TRUSTED_ORIGINS = [
     'https://api.attunehearttherapy.com',
-    'https://attunehearttherapy.com'
+    'https://attunehearttherapy.com',
+    'https://www.attunehearttherapy.com',
 ]
 
 INSTALLED_APPS = [
-- 
2.39.5