diff --git a/common/djangoapps/util/sandboxing.py b/common/djangoapps/util/sandboxing.py
index 7d1c1da06f..2024f8fa27 100644
--- a/common/djangoapps/util/sandboxing.py
+++ b/common/djangoapps/util/sandboxing.py
@@ -14,7 +14,9 @@ def can_execute_unsafe_code(course_id):
     """
     # To decide if we can run unsafe code, we check the course id against
     # a list of regexes configured on the server.
-    for regex in settings.COURSES_WITH_UNSAFE_CODE:
+    # If this is not defined in the environment variables then default to the most restrictive, which
+    # is 'no unsafe courses'
+    for regex in getattr(settings, 'COURSES_WITH_UNSAFE_CODE', []):
         if re.match(regex, course_id):
             return True
     return False