From 2715826611be15c3bad53e66776952afea808d78 Mon Sep 17 00:00:00 2001 From: "R. Miles McCain" Date: Wed, 14 Sep 2022 11:09:17 -0700 Subject: [PATCH] Add proper CSRF origin parsing --- GUIDE.md | 2 ++ shynet/shynet/settings.py | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/GUIDE.md b/GUIDE.md index dbd247d..0e5f037 100644 --- a/GUIDE.md +++ b/GUIDE.md @@ -20,6 +20,8 @@ **If you install Shynet, you should strongly consider enabling notifications when new versions are released.** You can do this under the "Watch" tab on GitHub (above). This will ensure that you are notified when new versions are available, some of which may be security updates. (Shynet will never automatically update itself.) +> **When you do update, read the release notes!** These will tell you if you need to make changes to your deployment. (E.g., Shynet 0.13.0 requires additional configuration.) + ## Installation Installation of Shynet is easy! Follow the [Basic Installation](#basic-installation) guide or the [Basic Installation with Docker Compose](#basic-installation-with-docker-compose) below for a minimal installation, or if you are going to be running Shynet over HTTPS through a reverse proxy. diff --git a/shynet/shynet/settings.py b/shynet/shynet/settings.py index 7be8430..235bbc4 100644 --- a/shynet/shynet/settings.py +++ b/shynet/shynet/settings.py @@ -39,7 +39,7 @@ SECRET_KEY = os.getenv("DJANGO_SECRET_KEY", "onlyusethisindev") DEBUG = os.getenv("DEBUG", "False") == "True" ALLOWED_HOSTS = os.getenv("ALLOWED_HOSTS", "*").split(",") -CSRF_TRUSTED_ORIGINS = os.getenv("CSRF_TRUSTED_ORIGINS", "*").split(",") +CSRF_TRUSTED_ORIGINS = filter(lambda k: len(k) > 0, os.getenv("CSRF_TRUSTED_ORIGINS", "").split(",")) # Application definition
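Review bot: The new `CSRF_TRUSTED_ORIGINS` value in `settings.py` is a `filter` object, which in Python 3 is a one-shot iterator rather than a list, so whichever code iterates the setting first will leave it empty for every later reader. Django's CSRF middleware appears to read this setting more than once, so the likely effect is that configured origins are silently ignored and legitimate cross-origin POSTs are rejected; that fails closed, but it is hard to diagnose. Entries are also not stripped, so a value written as `a, b` keeps a leading space on the second origin and would not match. I would materialise and strip the list: `CSRF_TRUSTED_ORIGINS = [o.strip() for o in os.getenv("CSRF_TRUSTED_ORIGINS", "").split(",") if o.strip()]`. If this targets Django 4.0 or later, a comment such as `# Comma-separated origins, each including the scheme (e.g. https://example.com)` would help operators now that the default is empty instead of `*`.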