diff --git a/config/__pycache__/settings.cpython-311.pyc b/config/__pycache__/settings.cpython-311.pyc
index b7ec571..919f6b7 100644
Binary files a/config/__pycache__/settings.cpython-311.pyc and b/config/__pycache__/settings.cpython-311.pyc differ
diff --git a/config/settings.py b/config/settings.py
index 5e1cce8..befe05c 100644
--- a/config/settings.py
+++ b/config/settings.py
@@ -24,6 +24,8 @@ ALLOWED_HOSTS = [
 "127.0.0.1",
 "localhost",
 os.getenv("HOST_FQDN", ""),
+ ".sslip.io",
+ ".coolify.io",
 ]
 
 CSRF_TRUSTED_ORIGINS = [
@@ -36,6 +38,8 @@ CSRF_TRUSTED_ORIGINS = [
 f"https://{host}" if not host.startswith(("http://", "https://")) else host
 for host in CSRF_TRUSTED_ORIGINS
 ]
+# Also allow sslip/coolify for CSRF if needed (wildcards not supported in CSRF_TRUSTED_ORIGINS, requires exact match)
+# Users must set HOST_FQDN or CSRF_TRUSTED_ORIGIN for POST requests to work on these domains.
 
 # Cookies must always be HTTPS-only; SameSite=Lax keeps CSRF working behind the proxy.
 SESSION_COOKIE_SECURE = True
@@ -308,4 +312,4 @@ REST_FRAMEWORK = {
 'rest_framework.authentication.TokenAuthentication',
 'rest_framework.authentication.SessionAuthentication',
 ],
-}
+}
\ No newline at end of file
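Review bot: The two entries added to `ALLOWED_HOSTS` in config/settings.py, `".sslip.io"` and `".coolify.io"`, make Django accept any Host header under those suffixes, because a leading dot is a subdomain wildcard. sslip.io is a public wildcard-DNS service that is not controlled by this deployment, so the Host check no longer pins the site's own name, and anything that builds absolute URLs from the request host (password-reset mails, redirects) would trust a name the caller picked. Prefer keeping the list to the exact name supplied through `HOST_FQDN`, or put the wildcards behind an explicit opt-in used only for preview deployments, for example `if os.getenv("ALLOW_PREVIEW_HOSTS") == "1": ALLOWED_HOSTS += [".sslip.io", ".coolify.io"]` (the variable name is only a suggestion). The list starts above the hunk, so whether the empty-string default of `HOST_FQDN` is filtered elsewhere cannot be seen from here.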
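Review bot: The first comment added after the `CSRF_TRUSTED_ORIGINS` comprehension says wildcards are not supported, which does not match Django: from 4.0 on the setting accepts a scheme plus a subdomain wildcard such as `https://*.example.com`. The real reason to keep these domains out is a security one, since a wildcard over a shared domain would trust every other site hosted there as a CSRF origin. I would reword it to `# Do not add *.sslip.io / *.coolify.io here: a wildcard would trust every site on those shared domains; set the exact origin instead.` The second comment names `CSRF_TRUSTED_ORIGIN` (singular); the lines that read the environment are outside the hunk, so please confirm that this is the variable's actual name.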