From abcc6f616e7d507550c5c6a440787b288f309515 Mon Sep 17 00:00:00 2001
From: Sklup55 <85282385+Sklup55@users.noreply.github.com>
Date: Wed, 27 Dec 2023 15:39:49 +0530
Subject: [PATCH] updates made for lab to run without 'CSRF errors'

Below updates  required to run the Week 5 K8S deployment lab correctly (without CSRF error)

1.  Below line has been removed

->  'django.middleware.csrf.CsrfViewMiddleware',

2. ALLOWED_HOSTS section - codes updated

3. CSRF_TRUSTED_ORIGINS section - code newly added
---
 server/djangobackend/settings.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/server/djangobackend/settings.py b/server/djangobackend/settings.py
index ff43f444a8..6c6fe6a78b 100644
--- a/server/djangobackend/settings.py
+++ b/server/djangobackend/settings.py
@@ -27,7 +27,9 @@
 
 APPEND_SLASH = True
 
-ALLOWED_HOSTS = ["localhost"]
+ALLOWED_HOSTS = ['localhost','<Your app URL>']
+
+CSRF_TRUSTED_ORIGINS = ['<Your app URL>']
 
 
 # Application definition
@@ -46,7 +48,6 @@
     'django.middleware.security.SecurityMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',
     'django.middleware.common.CommonMiddleware',
-    'django.middleware.csrf.CsrfViewMiddleware',
     'django.contrib.auth.middleware.AuthenticationMiddleware',
     'django.contrib.messages.middleware.MessageMiddleware',
     'django.middleware.clickjacking.XFrameOptionsMiddleware',