From 325a0c116a714ab250e9741841216f6ed5cccc29 Mon Sep 17 00:00:00 2001
From: Taylor Payne <taylor.payne@wgu.edu>
Date: Fri, 8 Aug 2025 09:31:04 -0600
Subject: [PATCH] fix: update mock config to include scheme for csrf domains
 (#37120)

Since the scheme must be included for the CSRF_TRUSTED_ORIGINS setting since
Django 4.0, this changes the values in the mock.yml configuration files to use
the scheme for the values under CSRF_TRUSTED_ORIGINS. We match the values
defined under CSRF_TRUSTED_ORIGINS_WITH_SCHEME key.

lms/envs/production.py pulls from CSRF_TRUSTED_ORIGINS_WITH_SCHEME in the YAML
config to set the CSRF_TRUSTED_ORIGINS setting , but cms/envs/production.py
pulls from CSRF_TRUSTED_ORIGINS in the YAML. So, this change fixes the CMS when
run with mock.yml.
---
 cms/envs/mock.yml | 2 +-
 lms/envs/mock.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/cms/envs/mock.yml b/cms/envs/mock.yml
index 2338c68187..c3d0ccd1cb 100644
--- a/cms/envs/mock.yml
+++ b/cms/envs/mock.yml
@@ -246,7 +246,7 @@ CROSS_DOMAIN_CSRF_COOKIE_DOMAIN: .localhost
 CROSS_DOMAIN_CSRF_COOKIE_NAME: csrftoken
 CSRF_COOKIE_SECURE: true
 CSRF_TRUSTED_ORIGINS:
-- .localhost
+- https://*.localhost
 CSRF_TRUSTED_ORIGINS_WITH_SCHEME:
 - https://*.localhost
 DATABASES:
diff --git a/lms/envs/mock.yml b/lms/envs/mock.yml
index 0bcdf0e84b..ad6ccb64c7 100644
--- a/lms/envs/mock.yml
+++ b/lms/envs/mock.yml
@@ -329,7 +329,7 @@ CROSS_DOMAIN_CSRF_COOKIE_DOMAIN: ''
 CROSS_DOMAIN_CSRF_COOKIE_NAME: ''
 CSRF_COOKIE_SECURE: true
 CSRF_TRUSTED_ORIGINS:
-- .sandbox.localhost
+- https://*.sandbox.localhost
 CSRF_TRUSTED_ORIGINS_WITH_SCHEME:
 - https://*.sandbox.localhost
 DASHBOARD_COURSE_LIMIT: 250