More settings, hx-headers back in body

mitchbeebe · mitchbeebe · commit 5b3fd21d3afb · 2024-04-02T23:55:54.000-04:00
diff --git a/birdle/templates/birdle/base.html b/birdle/templates/birdle/base.html
@@ -34,7 +34,7 @@
   {% block extra_head %}
   {% endblock %}
 </head>
-<body>
+<body hx-headers='{"X-CSRFToken": "{{ csrf_token }}"}'>
   <nav class="navbar navbar-expand-sm bg-body-tertiary">
     <div class="container-fluid">
       <a class="navbar-brand mx-md-2" href="{% url 'daily_bird' %}"><i class="fas fa-dove"></i> Birdle</a>
@@ -48,7 +48,7 @@
             {% get_regions as regions %}
             {% for code, name in regions.items %}
             <li>
-              <a href="#" name={{code}} class="dropdown-item" hx-post="/region" hx-headers='{"X-CSRFToken": "{{ csrf_token }}"}' hx-target="#region" hx-swap="innerHTML">{{name}}</a>
+              <a href="#" name={{code}} class="dropdown-item" hx-post="/region" hx-target="#region" hx-swap="innerHTML">{{name}}</a>
             </li>
             {% endfor%}
           </ul>
diff --git a/config/settings.py b/config/settings.py
@@ -183,7 +183,7 @@
 DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField'
 
 CSRF_TRUSTED_ORIGINS = [
-    'https://www.play-birdle.com/', 
-    'http://www.play-birdle.com/', 
-    'http://www.play-birdle.com/region'
+    'https://www.play-birdle.com', 
+    'http://www.play-birdle.com', 
+    'https://www.play-birdle.com/region'
 ]
