From e64120aba94f326b5a6092a32c2ef9da05a8aeef Mon Sep 17 00:00:00 2001
From: phillybroadbent <phillybroadbent@gmail.com>
Date: Thu, 11 Apr 2024 10:37:21 +0100
Subject: [PATCH 1/2] Adding CSRF trusted hosts to django settings

---
 lowfat/settings.py | 7 +++++++
 requirements.txt   | 5 +++--
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/lowfat/settings.py b/lowfat/settings.py
index e8975d4a..fd98c772 100644
--- a/lowfat/settings.py
+++ b/lowfat/settings.py
@@ -62,6 +62,7 @@
     'bootstrap_datepicker_plus',
     'constance',
     'constance.backends.database',
+    'corsheaders',
     'crispy_forms',
     'crispy_bootstrap5',
     'dbbackup',
@@ -90,10 +91,16 @@
     'django.contrib.messages.middleware.MessageMiddleware',
     'django.middleware.clickjacking.XFrameOptionsMiddleware',
     'simple_history.middleware.HistoryRequestMiddleware',
+    'corsheaders.middleware.CorsMiddleware',
 ]
 
 ROOT_URLCONF = 'lowfat.urls'
 
+CSRF_TRUSTED_ORIGINS = [
+    'localhost:8000',
+    'https://fellows.software.ac.uk',
+]
+
 TEMPLATES = [
     {
         'BACKEND': 'django.template.backends.django.DjangoTemplates',
diff --git a/requirements.txt b/requirements.txt
index e8400ca6..b736db42 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -11,6 +11,7 @@ Django==4.2
 django-appconf==1.0.5
 django-bootstrap-datepicker-plus==4.0.0
 django-constance==2.9.1
+django-cors-headers==4.3.1
 django-countries==7.3.2
 django-crispy-forms==1.14.0
 django-datetime-widget==0.9.3
@@ -36,7 +37,7 @@ odfpy==1.4.1
 openpyxl==3.1.2
 pandas==1.4.3
 pilkit==2.0
-Pillow==10.2.0
+pillow==10.2.0
 pycparser==2.21
 PyJWT==2.4.0
 PyPDF2==2.10.3
@@ -57,4 +58,4 @@ tablib==3.5.0
 typing_extensions==4.3.0
 urllib3==1.26.12
 xlrd==2.0.1
-xlwt==1.3.0
\ No newline at end of file
+xlwt==1.3.0

From dc4848a74dcb3eafbf5a12d7e340fb6df2bf5c46 Mon Sep 17 00:00:00 2001
From: phillybroadbent <phillybroadbent@gmail.com>
Date: Thu, 11 Apr 2024 10:42:09 +0100
Subject: [PATCH 2/2] Editing local CSRF trusted origin

---
 lowfat/settings.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lowfat/settings.py b/lowfat/settings.py
index fd98c772..6fbbe834 100644
--- a/lowfat/settings.py
+++ b/lowfat/settings.py
@@ -97,7 +97,7 @@
 ROOT_URLCONF = 'lowfat.urls'
 
 CSRF_TRUSTED_ORIGINS = [
-    'localhost:8000',
+    'http://127.0.0.1:8000',
     'https://fellows.software.ac.uk',
 ]