From 8fe3bf10f5c75ae1cd58a4d07d904171be812952 Mon Sep 17 00:00:00 2001
From: Eugene Pankov <john.pankov@gmail.com>
Date: Mon, 26 Jul 2021 22:13:06 +0200
Subject: [PATCH] Update settings.py

---
 backend/tabby/settings.py | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/backend/tabby/settings.py b/backend/tabby/settings.py
index 42e4f0b..c1038d9 100644
--- a/backend/tabby/settings.py
+++ b/backend/tabby/settings.py
@@ -239,8 +239,16 @@ if FRONTEND_URL:
         'x-xsrf-token',
         'x-requested-with',
     ]
-    CSRF_TRUSTED_ORIGINS = [urlparse(FRONTEND_URL).hostname]
+    frontend_domain = urlparse(FRONTEND_URL).hostname
+    CSRF_TRUSTED_ORIGINS = [frontend_domain]
+    SESSION_COOKIE_DOMAIN = frontend_domain
+    CSRF_COOKIE_DOMAIN = frontend_domain
+
     FRONTEND_URL = FRONTEND_URL.rstrip('/')
+
+    if FRONTEND_URL.startswith('https://'):
+        CSRF_COOKIE_SECURE = True
+        SESSION_COOKIE_SECURE = True
 else:
     FRONTEND_URL = ''