From b1d52d99bbaa357f1c0d09f2d3f9e97d4e9809c8 Mon Sep 17 00:00:00 2001
From: Gilles <43683714+corp-0@users.noreply.github.com>
Date: Thu, 10 Apr 2025 21:39:01 -0400
Subject: [PATCH 1/2] fix: added ledger prod URL to allowed hosts

---
 src/ledger/settings.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/ledger/settings.py b/src/ledger/settings.py
index a42f2f0..971a91b 100644
--- a/src/ledger/settings.py
+++ b/src/ledger/settings.py
@@ -26,7 +26,7 @@
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = bool(os.environ.get("DJANGO_DEBUG", default="1"))
 
-ALLOWED_HOSTS = ["*"] if DEBUG else ["localhost", "127.0.0.1"]
+ALLOWED_HOSTS = ["*"] if DEBUG else ["localhost", "127.0.0.1", "https://ledger.unitystation.org"]
 
 # Application definition
 

From f08f26bdcf151ba124bd681cebb599dc48a3721e Mon Sep 17 00:00:00 2001
From: Gilles <43683714+corp-0@users.noreply.github.com>
Date: Thu, 10 Apr 2025 21:43:39 -0400
Subject: [PATCH 2/2] fix: cors and csrf stuff

---
 src/ledger/settings.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/ledger/settings.py b/src/ledger/settings.py
index 971a91b..090f293 100644
--- a/src/ledger/settings.py
+++ b/src/ledger/settings.py
@@ -26,7 +26,13 @@
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = bool(os.environ.get("DJANGO_DEBUG", default="1"))
 
-ALLOWED_HOSTS = ["*"] if DEBUG else ["localhost", "127.0.0.1", "https://ledger.unitystation.org"]
+ALLOWED_HOSTS = ["*"] if DEBUG else ["localhost", "127.0.0.1", "ledger.unitystation.org"]
+
+# CSRF
+CSRF_TRUSTED_ORIGINS = ['https://ledger.unitystation.org']
+CORS_ORIGIN_ALLOW_ALL = DEBUG
+CORS_ALLOWED_ORIGINS = ['https://ledger.unitystation.org']
+SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
 
 # Application definition