Merge pull request #418 from UKGovernmentBEIS/PC-1294-fix-csrf-fail

PC-1294: Fix CSRF Fail
UKGovernmentBEIS · Dec 30, 2024 · 0d9e1a2 · 0d9e1a2
2 parents 2175249 + 4942761
commit 0d9e1a2
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/help_to_heat/settings.py b/help_to_heat/settings.py
@@ -258,7 +258,8 @@ def show_toolbar(request):
 
 TOTP_ISSUER = "Help to Heat Supplier Portal"
 
-CSRF_TRUSTED_ORIGINS = [BASE_URL]
+# origins don't have a trailing slash, the BASE_URL does so must be trimmed
+CSRF_TRUSTED_ORIGINS = [BASE_URL.rstrip("/")]
 
 if not DEBUG:
     SESSION_COOKIE_SECURE = True