From 5461fc9de1a1ba46e1812ee20d5ae6cdcf950963 Mon Sep 17 00:00:00 2001
From: Hritik Vijay <ping@hritik.sh>
Date: Thu, 5 Oct 2023 14:58:28 +0530
Subject: [PATCH] Add note about CSRF_TRUSTED_ORIGINS

With Django 4.0+ setting CSRF_TRUSTED_ORIGINS is necessary. Refer:
https://stackoverflow.com/a/70326426/2251364

ScanCodeIO already recommends this setting in the following section:
https://scancodeio.readthedocs.io/en/latest/installation.html#run-the-app

Signed-off-by: Hritik Vijay <hey@hritik.sh>
---
 docs/source/installation.rst | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/docs/source/installation.rst b/docs/source/installation.rst
index 4f098bc3f..638276c5d 100644
--- a/docs/source/installation.rst
+++ b/docs/source/installation.rst
@@ -69,11 +69,13 @@ to run on a different port than 8000.
 .. note::
 
     To access a dockerized VulnerableCode app from a remote location, the ``ALLOWED_HOSTS``
-    setting need to be provided in your ``docker.env`` file::
+    and ``CSRF_TRUSTED_ORIGINS`` setting need to be provided in your ``docker.env`` file::
 
         ALLOWED_HOSTS=.domain.com,127.0.0.1
+        CSRF_TRUSTED_ORIGINS=https://*.domain.com,http://127.0.0.1
 
-    Refer to `Django ALLOWED_HOSTS settings <https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts>`_
+    Refer to Django `ALLOWED_HOSTS settings <https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts>`_
+    and `CSRF_TRUSTED_ORIGINS settings <https://docs.djangoproject.com/en/dev/ref/settings/#std-setting-CSRF_TRUSTED_ORIGINS>`_
     for more details.
 
 .. warning::