Add CSRF_TRUSTED_ORIGINS to setting

This is needed for effective CSRF proptection on deployments

Signed-off-by: Philippe Ombredanne <[email protected]>

Author: pombredanne

vulnerablecode/settings.py

@@ -36,6 +36,8 @@
 
 VULNERABLECODE_PASSWORD_MIN_LENGTH = env.int("VULNERABLECODE_PASSWORD_MIN_LENGTH", default=14)
 
+CSRF_TRUSTED_ORIGINS = env.list("CSRF_TRUSTED_ORIGINS", default=[])
+
 # SECURITY WARNING: do not run with debug turned on in production
 DEBUG = env.bool("VULNERABLECODE_DEBUG", default=False)