This PR adds a new PROD_CSRF_ORIGIN env var that helps me define two slightly different values: one for the allowed production hostname, and one for the valid CSRF production origin. The values are slightly different and using the same value for both gets messy especially since I want Caddy to only host over https:// in production (which should be the same as the valid CSRF origin.)
This PR adds a new
PROD_CSRF_ORIGIN
env var that helps me define two slightly different values: one for the allowed production hostname, and one for the valid CSRF production origin. The values are slightly different and using the same value for both gets messy especially since I want Caddy to only host overhttps://
in production (which should be the same as the valid CSRF origin.)Fixes #131.