1.0.2

2026-06-04 17:14:08 +00:00 · 2026-06-04 17:14:08 +00:00 · a0758d4015
commit a0758d4015
parent f3690a8b42
2 changed files with 18 additions and 5 deletions
--- a/config/pycache/settings.cpython-311.pyc
+++ b/config/pycache/settings.cpython-311.pyc
--- a/config/settings.py
+++ b/config/settings.py
@ -20,21 +20,34 @@ load_dotenv(BASE_DIR.parent / ".env")
 SECRET_KEY = os.getenv("DJANGO_SECRET_KEY", "change-me")
 DEBUG = os.getenv("DJANGO_DEBUG", "true").lower() == "true"

+def _host_from_env(value):
+    return value.replace("https://", "").replace("http://", "").split("/")[0].strip()
+
+
 ALLOWED_HOSTS = [
-    "127.0.0.1",
-    "localhost",
-    os.getenv("HOST_FQDN", ""),
+    host for host in [
+        "127.0.0.1",
+        "localhost",
+        ".appwizzy.dev",
+        ".dev.flatlogic.app",
+        _host_from_env(os.getenv("HOST_FQDN", "")),
+        _host_from_env(os.getenv("FULL_DOMAIN", "")),
+    ] if host
 ]

 CSRF_TRUSTED_ORIGINS = [
    origin for origin in [
+        "https://*.appwizzy.dev",
+        "http://*.appwizzy.dev",
+        "https://*.dev.flatlogic.app",
        os.getenv("HOST_FQDN", ""),
+        os.getenv("FULL_DOMAIN", ""),
        os.getenv("CSRF_TRUSTED_ORIGIN", "")
    ] if origin
 ]
 CSRF_TRUSTED_ORIGINS = [
-    f"https://{host}" if not host.startswith(("http://", "https://")) else host
-    for host in CSRF_TRUSTED_ORIGINS
+    f"https://{origin}" if not origin.startswith(("http://", "https://")) else origin
+    for origin in CSRF_TRUSTED_ORIGINS
 ]

 # Cookies must always be HTTPS-only; SameSite=Lax keeps CSRF working behind the proxy.