From 3737942ddcd61475674fcba020392366fba5434d Mon Sep 17 00:00:00 2001
From: IRBorisov <8611739+IRBorisov@users.noreply.github.com>
Date: Mon, 18 Sep 2023 14:11:48 +0300
Subject: [PATCH] Fix subdomain csrf
---
 rsconcept/backend/.env.prod | 1 +
 rsconcept/backend/project/settings.py | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/rsconcept/backend/.env.prod b/rsconcept/backend/.env.prod
index 1ca6d4a2..7ef3b67a 100644
--- a/rsconcept/backend/.env.prod
+++ b/rsconcept/backend/.env.prod
@@ -4,6 +4,7 @@ ALLOWED_HOSTS=portal.acconcept.ru;api.portal.acconcept.ru
 CSRF_TRUSTED_ORIGINS=https://portal.acconcept.ru;https://api.portal.acconcept.ru
 CORS_ALLOWED_ORIGINS=https://portal.acconcept.ru
+CSRF_COOKIE_DOMAIN=.acconcept.ru
 # File locations
diff --git a/rsconcept/backend/project/settings.py b/rsconcept/backend/project/settings.py
index 11a3d5fb..5bd895fb 100644
--- a/rsconcept/backend/project/settings.py
+++ b/rsconcept/backend/project/settings.py
@@ -68,7 +68,7 @@ REST_FRAMEWORK = {
 CORS_ALLOW_CREDENTIALS = True
 CORS_ALLOWED_ORIGINS = os.environ.get('CORS_ALLOWED_ORIGINS', 'http://localhost:3000').split(';')
 CSRF_TRUSTED_ORIGINS = os.environ.get('CSRF_TRUSTED_ORIGINS', 'http://localhost:3000').split(';')
-# CSRF_COOKIE_NAME = 'csrftoken'
+CSRF_COOKIE_DOMAIN = os.environ.get('CSRF_COOKIE_DOMAIN', 'localhost').split(';')
 # CSRF_HEADER_NAME = 'HTTP_X_CSRFTOKEN'
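Review bot: In `.env.prod`, `CSRF_COOKIE_DOMAIN=.acconcept.ru` scopes the CSRF cookie to every host under acconcept.ru, which is wider than the two hosts named in `ALLOWED_HOSTS` and `CSRF_TRUSTED_ORIGINS` in the same hunk. Any other subdomain in that zone would receive the token and could set or overwrite the cookie, so a weakness on an unrelated subdomain would weaken CSRF protection for the portal. Both portal.acconcept.ru and api.portal.acconcept.ru are covered by the narrower `CSRF_COOKIE_DOMAIN=.portal.acconcept.ru`. A comment above the value such as `# shared by portal and api.portal; keep as narrow as possible` would record why the scope is widened at all.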
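Review bot: In `settings.py`, the new `CSRF_COOKIE_DOMAIN` line ends in `.split(';')`, so the setting becomes a list, whereas Django expects a single domain string or `None` for this setting. The list form is right for `CSRF_TRUSTED_ORIGINS` on the line above, but for a cookie attribute it probably yields a malformed `Domain` value that browsers will not honour as intended. The `'localhost'` fallback also forces an explicit domain in development, where leaving the setting unset (a host-only cookie) is the safer default. Suggested line: `CSRF_COOKIE_DOMAIN = os.environ.get('CSRF_COOKIE_DOMAIN') or None`.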