For production deployments, Django validates the Host header in requests and checks it against a list of permitted hosts, e.g. FQDNs. Let's read those in from an environment variable. Declaration of the environment
variable is required, otherwise the split() call will fail. This is intentional.
Also adding optional support for CSRF_TRUSTED_ORIGINS, again only in prod settings.
For production deployments, Django validates the Host header in requests and checks it against a list of permitted hosts, e.g. FQDNs. Let's read those in from an environment variable. Declaration of the environment variable is required, otherwise the split() call will fail. This is intentional.
Also adding optional support for CSRF_TRUSTED_ORIGINS, again only in prod settings.
Closes #38.