From 0459666beb54d8f9a83233600047c4e9addc5689 Mon Sep 17 00:00:00 2001
From: sabaimran
Date: Sun, 17 Dec 2023 12:55:18 +0530
Subject: [PATCH] CSRF Cookie not set error in prod. Try fixing https forwarding for mitigation
---
 src/khoj/app/settings.py | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/src/khoj/app/settings.py b/src/khoj/app/settings.py
index bacbf904..86db4b12 100644
--- a/src/khoj/app/settings.py
+++ b/src/khoj/app/settings.py
@@ -33,6 +33,9 @@ ALLOWED_HOSTS = [f".{KHOJ_DOMAIN}", "localhost", "127.0.0.1", "[::1]"]
 CSRF_TRUSTED_ORIGINS = [
 f"https://*.{KHOJ_DOMAIN}",
 f"https://{KHOJ_DOMAIN}",
+ f"http://*.{KHOJ_DOMAIN}",
+ f"http://{KHOJ_DOMAIN}",
+ f"https://app.{KHOJ_DOMAIN}",
 ]
 COOKIE_SAMESITE = "None"
@@ -42,6 +45,7 @@ if DEBUG or os.getenv("KHOJ_DOMAIN") == None:
 else:
 SESSION_COOKIE_DOMAIN = KHOJ_DOMAIN
 CSRF_COOKIE_DOMAIN = KHOJ_DOMAIN
+ SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTOCOL", "https")
 SESSION_COOKIE_SECURE = True
 CSRF_COOKIE_SECURE = True
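Review bot: The two `http://` entries added to CSRF_TRUSTED_ORIGINS make plaintext origins trusted for unsafe requests, so a page delivered over unencrypted HTTP on the domain or any subdomain passes Django's Origin check against the production site. If they are a stopgap until HTTPS detection behind the proxy works, they should be removed once it does, or kept out of production with something like `if DEBUG: CSRF_TRUSTED_ORIGINS.append(f"http://{KHOJ_DOMAIN}")` (assuming DEBUG is defined above this list, which the hunk does not show). `f"https://app.{KHOJ_DOMAIN}"` is already matched by the existing `f"https://*.{KHOJ_DOMAIN}"` wildcard and adds nothing. A comment above the list such as `# http:// origins are temporary; remove when the proxy forwards the scheme correctly` would record the intent.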
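Review bot: SECURE_PROXY_SSL_HEADER makes Django decide `request.is_secure()` from a request header, and the name used here, `HTTP_X_FORWARDED_PROTOCOL`, maps to `X-Forwarded-Protocol`, while most reverse proxies and load balancers send `X-Forwarded-Proto`. If the production proxy sends the latter, this line has no effect and should read `SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")`. The setting is only safe when the proxy always overwrites or strips that header on incoming requests, so a comment beside it should name the proxy and the header it sets, e.g. `# <proxy> overwrites X-Forwarded-Proto on every request`. Indentation is lost in this view, so it cannot be confirmed that the line sits in the `else:` branch; the `if` it belongs to begins outside the hunk.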