From dfb80d2aa33024c810a09409c05e6b713981c5a5 Mon Sep 17 00:00:00 2001
From: Kumi
Date: Fri, 12 Jul 2024 10:56:18 +0200
Subject: [PATCH] feat: add CSRF trusted origins and new OTP plugin

Included CSRF_TRUSTED_ORIGINS for enhanced security based on ALLOWED_HOSTS. Updated ALLOWED_HOSTS config key from "AllowedHosts" to "Hosts" for consistency. Added `django_otp.plugins.otp_static` to INSTALLED_APPS for better OTP functionality. Resolves issues with CSRF protection and OTP security.
---
 coldbrew/settings.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/coldbrew/settings.py b/coldbrew/settings.py
index 32af67f..2df040d 100644
--- a/coldbrew/settings.py
+++ b/coldbrew/settings.py
@@ -32,7 +32,9 @@ if not (FIELD_ENCRYPTION_KEY := CONFIG.get("ColdBrew", "EncryptionKey", fallback
     CONFIG["ColdBrew"]["EncryptionKey"] = FIELD_ENCRYPTION_KEY
     ASK.write()
 
-ALLOWED_HOSTS = CONFIG.get("ColdBrew", "AllowedHosts", fallback="*").split(",")
+ALLOWED_HOSTS = CONFIG.get("ColdBrew", "Hosts", fallback="*").split(",")
+
+CSRF_TRUSTED_ORIGINS = [f"https://{host}" for host in ALLOWED_HOSTS if host != "*"]
 
 DEBUG = (
     CONFIG.getboolean("ColdBrew", "Debug", fallback=False) if ALLOWED_HOSTS else True
@@ -50,6 +52,7 @@ INSTALLED_APPS = [
     "encrypted_model_fields",
     "django_otp",
     "django_otp.plugins.otp_totp",
+    'django_otp.plugins.otp_static',
     "two_factor",
     "coldbrew.vpn",
     "coldbrew.users",
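Review bot: Renaming the config key from `AllowedHosts` to `Hosts` silently weakens existing deployments: a config file that still sets `AllowedHosts` now takes the `"*"` fallback, so `ALLOWED_HOSTS` becomes `["*"]` (host validation off) and the new `CSRF_TRUSTED_ORIGINS` becomes empty, with no warning at startup. Reading the old key as the fallback keeps those installs safe, `CONFIG.get("ColdBrew", "Hosts", fallback=CONFIG.get("ColdBrew", "AllowedHosts", fallback="*"))`. The `CSRF_TRUSTED_ORIGINS` line also passes the raw split entries through unchanged: a value such as `a.example, b.example` yields the origin `https:// b.example`, and a leading-dot entry like `.example.com` (Django's subdomain wildcard in ALLOWED_HOSTS) becomes `https://.example.com` rather than the `https://*.example.com` form CSRF_TRUSTED_ORIGINS accepts on Django 4.0+, which this file appears to target since the origins carry a scheme. Stripping each entry and mapping the leading dot, as below, keeps the derived list consistent with ALLOWED_HOSTS; the `DEBUG` expression that follows is unaffected because the list is still never empty.
```python
_hosts_raw = CONFIG.get(
    "ColdBrew", "Hosts", fallback=CONFIG.get("ColdBrew", "AllowedHosts", fallback="*")
)
ALLOWED_HOSTS = [host.strip() for host in _hosts_raw.split(",")]

# A leading-dot ALLOWED_HOSTS entry is a subdomain wildcard; CSRF_TRUSTED_ORIGINS
# expresses the same thing as a scheme-qualified "https://*.example.com".
CSRF_TRUSTED_ORIGINS = [
    f"https://*{host}" if host.startswith(".") else f"https://{host}"
    for host in ALLOWED_HOSTS
    if host and host != "*"
]
```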
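Review bot: The new INSTALLED_APPS entry is written with single quotes while every neighbouring entry in the list uses double quotes; write it as `"django_otp.plugins.otp_static",` so the list stays uniform and survives a black run unchanged. The otp_static plugin presumably ships its own models for static backup tokens, so a `migrate` is likely needed on deploy and is not mentioned in the commit message; a line in the description or a release note would save operators a surprise.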