From ae5de75b654e7ead7d26926a5c1320060f7bb4d3 Mon Sep 17 00:00:00 2001
From: Henrik Levkowetz
Date: Wed, 1 Jul 2020 14:11:09 +0000
Subject: [PATCH] Added some CSRF settings to make login from a meetecho iframe possible. - Legacy-Id: 18117
---
 ietf/settings.py | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/ietf/settings.py b/ietf/settings.py
index 5c916a481..349e809df 100644
--- a/ietf/settings.py
+++ b/ietf/settings.py
@@ -61,6 +61,10 @@ PASSWORD_HASHERS = [
 ALLOWED_HOSTS = [".ietf.org", ".ietf.org.", "209.208.19.216", "4.31.198.44", "127.0.0.1", "localhost:8000", ]
+X_FRAME_OPTIONS = 'ALLOW-FROM meetecho.com *.meetecho.com *.ietf.org'
+CSRF_TRUSTED_ORIGINS = ['meetecho.com', '*.meetecho.com', '*.ietf.org', ]
+CSRF_COOKIE_SAMESITE = None
+
 # Server name of the tools server
 TOOLS_SERVER = 'tools.' + IETF_DOMAIN
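Review bot: The `X_FRAME_OPTIONS` value added here is not a policy browsers will enforce: `ALLOW-FROM` takes a single origin URI, has no wildcard or list form, and is ignored by current Chrome, Firefox and Safari, so responses carrying it end up with no framing restriction instead of a three-site allowlist. The enforceable equivalent is a CSP response header such as `Content-Security-Policy: frame-ancestors 'self' https://meetecho.com https://*.meetecho.com https://*.ietf.org`, preferably sent only on the login views that have to be embedded. The `CSRF_TRUSTED_ORIGINS` entries use `*.` globs, which Django releases before 4.0 do not match (they expect a leading dot, `['.meetecho.com', '.ietf.org']`), so the referer check is probably not relaxed the way the commit intends; confirm against the Django version in use. `CSRF_COOKIE_SAMESITE = None` only omits the attribute, and browsers that default to Lax will still withhold the cookie inside a cross-site iframe; that case needs the string `'None'` (where the Django version accepts it) together with a Secure cookie, and the session cookie, which this hunk does not touch, would presumably need the same treatment. A comment above the three settings should record that they relax clickjacking and CSRF defences for the Meetecho embed and that every subdomain of the listed domains becomes trusted.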