diff --git a/config/settings.py b/config/settings.py
index 291d043..d17fb93 100644
--- a/config/settings.py
+++ b/config/settings.py
@@ -23,19 +23,19 @@ DEBUG = os.getenv("DJANGO_DEBUG", "true").lower() == "true"
 ALLOWED_HOSTS = [
 "127.0.0.1",
 "localhost",
- os.getenv("HOST_FQDN", ""),
-]
-
+ "shinastore.flatlogic.app", # Tambahin domain lo di sini
+ "*", # Tanda bintang ini buat bolehin semua (biar cepet fix)
+ ]
 CSRF_TRUSTED_ORIGINS = [
 origin for origin in [
 os.getenv("HOST_FQDN", ""),
 os.getenv("CSRF_TRUSTED_ORIGIN", "")
 ] if origin
 ]
-CSRF_TRUSTED_ORIGINS = [
- f"https://{host}" if not host.startswith(("http://", "https://")) else host
- for host in CSRF_TRUSTED_ORIGINS
-]
+CCSRF_TRUSTED_ORIGINS = [
+ "https://shinastore.flatlogic.app",
+ "http://shinastore.flatlogic.app",
+ ]
 
 # Cookies must always be HTTPS-only; SameSite=Lax keeps CSRF working behind the proxy.
 SESSION_COOKIE_SECURE = True
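Review bot: The `"*"` entry added to `ALLOWED_HOSTS` switches off Django's Host-header validation entirely, so the explicit hostnames around it no longer restrict anything and any code that builds absolute URLs from the request host (password-reset mails, redirects) will accept a spoofed Host value. Remove the `"*"` line and keep `"shinastore.flatlogic.app"`, ideally next to the deleted `os.getenv("HOST_FQDN", "")` entry so other deployments stay configurable. The second added list is named `CCSRF_TRUSTED_ORIGINS`, which Django does not read, so those origins have no effect and the live `CSRF_TRUSTED_ORIGINS` is the env-derived list above it, now without the scheme normalisation this commit deletes; Django 4.0 and later expects every origin to carry a scheme, so a bare hostname from `HOST_FQDN` would presumably be rejected. Either restore the deleted comprehension or extend the existing list, e.g. `CSRF_TRUSTED_ORIGINS += ["https://shinastore.flatlogic.app"]`. Leave out the `http://` origin, because the context line below sets `SESSION_COOKIE_SECURE = True` and trusting a plaintext origin weakens the CSRF origin check on a site that is otherwise HTTPS-only.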