From e5a9b9aa50269696547d19cbf7dfa68cb7bda565 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Kucharczyk?= <lukas@kucharczyk.xyz>
Date: Sun, 8 Jan 2023 14:35:28 +0000
Subject: [PATCH] Fix CSRF error (#22)

Fixes #21

Reviewed-on: https://git.kucharczyk.xyz/lukas/timetracker/pulls/22
---
 CHANGELOG.md            | 4 ++++
 Dockerfile              | 2 +-
 pyproject.toml          | 2 +-
 src/web/web/settings.py | 9 +++++----
 4 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index f71930a..a8f1516 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.1.3 / 2023-01-08 15:23+01:00
+
+* Fix CSRF error (https://git.kucharczyk.xyz/lukas/timetracker/pulls/22)
+
 ## 0.1.2 / 2023-01-07 22:05+01:00
 
 * Switch to Uvicorn/Gunicorn + Caddy (https://git.kucharczyk.xyz/lukas/timetracker/pulls/4)
diff --git a/Dockerfile b/Dockerfile
index 3439f94..8aa0b50 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -6,7 +6,7 @@ RUN npm install && \
 
 FROM python:3.10.9-alpine
 
-ENV VERSION_NUMBER 0.1.2
+ENV VERSION_NUMBER 0.1.3
 ENV PROD 1
 
 RUN apk add \
diff --git a/pyproject.toml b/pyproject.toml
index 55795fa..0e7cd4f 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "timetracker"
-version = "0.1.2"
+version = "0.1.3"
 description = "A simple time tracker."
 authors = ["Lukáš Kucharczyk <lukas@kucharczyk.xyz>"]
 license = "GPL"
diff --git a/src/web/web/settings.py b/src/web/web/settings.py
index 2010421..a0ca0ac 100644
--- a/src/web/web/settings.py
+++ b/src/web/web/settings.py
@@ -145,7 +145,8 @@ LOGGING = {
     },
 }
 
-CSRF_TRUSTED_ORIGINS = []
-
-if os.environ.get("PROD"):
-    CSRF_TRUSTED_ORIGINS.append(os.environ.get("CSRF_TRUSTED_ORIGINS"))
+_csrf_trusted_origins = os.environ.get("CSRF_TRUSTED_ORIGINS")
+if _csrf_trusted_origins:
+    CSRF_TRUSTED_ORIGINS = _csrf_trusted_origins.split(",")
+else:
+    CSRF_TRUSTED_ORIGINS = []