update CSRF and CORS whitelists

scole02 · scole02 · commit 964957e8a7f0 · 2024-05-08T09:43:59.000-07:00
diff --git a/alzi/alzi/deployment.py b/alzi/alzi/deployment.py
@@ -3,8 +3,8 @@
 from .settings import BASE_DIR
 
 ALLOWED_HOSTS = [os.environ['WEBSITE_HOSTNAME']]
-CORS_ORIGIN_WHITELIST = ['https://witty-pebble-0b4c4811e.4.azurestaticapps.net/', 'http://' + os.environ['WEBSITE_HOSTNAME'] ]
-CSRF_TRUSTED_ORIGINS = ['http://' + os.environ['WEBSITE_HOSTNAME']]
+CORS_ORIGIN_WHITELIST = ['https://witty-pebble-0b4c4811e.4.azurestaticapps.net/', 'https://' + os.environ['WEBSITE_HOSTNAME'] ]
+CSRF_TRUSTED_ORIGINS = ['https://' + os.environ['WEBSITE_HOSTNAME']]
 DEBUG = False
 
 OPENAI_SECRET_KEY = os.environ['OPENAI_SECRET_KEY']
