From 8965cf9e29dc8292e58d19126ce5169a582ac8ad Mon Sep 17 00:00:00 2001
From: Luc <stagiair@syrinx.nl>
Date: Tue, 7 Dec 2021 14:32:47 +0100
Subject: [PATCH] fix csrf did not match trusted origins

should be set by the TUBESYNC_HOSTS environment
And the localhost values should always be added to ALLOWED_HSOTS
---
 tubesync/tubesync/local_settings.py.container | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/tubesync/tubesync/local_settings.py.container b/tubesync/tubesync/local_settings.py.container
index b1fab19..abd8336 100644
--- a/tubesync/tubesync/local_settings.py.container
+++ b/tubesync/tubesync/local_settings.py.container
@@ -14,15 +14,18 @@ DOWNLOADS_BASE_DIR = ROOT_DIR / 'downloads'
 SECRET_KEY = str(os.getenv('DJANGO_SECRET_KEY', 'tubesync-django-secret'))
 
 
-ALLOWED_HOSTS_STR = str(os.getenv('TUBESYNC_HOSTS', '127.0.0.1,localhost'))
+ALLOWED_HOSTS_STR = os.getenv('TUBESYNC_HOSTS', '')
+if len(ALLOWED_HOSTS_STR) > 0
+    ALLOWED_HOSTS_STR += ','
+ALLOWED_HOSTS_STR += '127.0.0.1,localhost,::1'
+
 ALLOWED_HOSTS = ALLOWED_HOSTS_STR.split(',')
+CSRF_TRUSTED_ORIGINS = ALLOWED_HOSTS_STR.split(',')
+
 DEBUG = True if os.getenv('TUBESYNC_DEBUG', False) else False
 FORCE_SCRIPT_NAME = os.getenv('DJANGO_FORCE_SCRIPT_NAME', None)
-
-
 TIME_ZONE = os.getenv('TZ', 'UTC')
 
-
 database_dict = {}
 database_connection_env = os.getenv('DATABASE_CONNECTION', '')
 if database_connection_env: