From f4b3155e418e0e6fd60e3437444ffa8aa90b4f79 Mon Sep 17 00:00:00 2001
From: Michele de Barros Santos <michele.fenix.17@gmail.com>
Date: Tue, 10 Oct 2023 19:48:14 -0300
Subject: [PATCH] ajustes csrf

---
 hashflix/settings.py | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/hashflix/settings.py b/hashflix/settings.py
index 16120f7..6900798 100644
--- a/hashflix/settings.py
+++ b/hashflix/settings.py
@@ -22,12 +22,18 @@
 # See https://docs.djangoproject.com/en/4.2/howto/deployment/checklist/
 
 # SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = 'django-insecure-%^9!uvtl3#@2kx0p_t-j2_*lwv-l%pj%vcbrew_cy30xv3&rzi'
+TOKEN_CSRF = os.getenv("TOKEN_CSRF")
+if TOKEN_CSRF:
+    SECRET_KEY = TOKEN_CSRF
+    CSRF_TRUSTED_ORIGINS = ['https://sitecomdjango-production.up.railway.app/']
+else:
+    SECRET_KEY = 'django-insecure-%^9!uvtl3#@2kx0p_t-j2_*lwv-l%pj%vcbrew_cy30xv3&rzi'
 
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = True
 
-ALLOWED_HOSTS = ['*']
+ALLOWED_HOSTS = [
+    "https://sitecomdjango-production.up.railway.app/", "localhost", "127.0.0.1"]
 
 
 # Application definition