From cb80118ebf386f7ad7c52296be7abae2fa688d03 Mon Sep 17 00:00:00 2001 From: Ehtesham Alam Date: Wed, 20 Aug 2025 11:42:44 +0530 Subject: [PATCH] fix: remove CSRF_TRUSTED_ORIGINS_WITH_SCHEME variable (#37195) --- cms/envs/mock.yml | 2 -- cms/envs/production.py | 1 - lms/envs/mock.yml | 2 -- lms/envs/production.py | 2 -- 4 files changed, 7 deletions(-) diff --git a/cms/envs/mock.yml b/cms/envs/mock.yml index c3d0ccd1cb..8ab3beea07 100644 --- a/cms/envs/mock.yml +++ b/cms/envs/mock.yml @@ -247,8 +247,6 @@ CROSS_DOMAIN_CSRF_COOKIE_NAME: csrftoken CSRF_COOKIE_SECURE: true CSRF_TRUSTED_ORIGINS: - https://*.localhost -CSRF_TRUSTED_ORIGINS_WITH_SCHEME: -- https://*.localhost DATABASES: blockstore: CONN_MAX_AGE: 600 diff --git a/cms/envs/production.py b/cms/envs/production.py index 12c7daed66..7bc4677d80 100644 --- a/cms/envs/production.py +++ b/cms/envs/production.py @@ -155,7 +155,6 @@ if 'staticfiles' in CACHES: # Once we have migrated to service assets off S3, then we can convert this back to # managed by the yaml file contents STATICFILES_STORAGE = os.environ.get('STATICFILES_STORAGE', STATICFILES_STORAGE) -CSRF_TRUSTED_ORIGINS = _YAML_TOKENS.get('CSRF_TRUSTED_ORIGINS_WITH_SCHEME', []) MKTG_URL_LINK_MAP.update(_YAML_TOKENS.get('MKTG_URL_LINK_MAP', {})) diff --git a/lms/envs/mock.yml b/lms/envs/mock.yml index ad6ccb64c7..10ec3d1e26 100644 --- a/lms/envs/mock.yml +++ b/lms/envs/mock.yml @@ -330,8 +330,6 @@ CROSS_DOMAIN_CSRF_COOKIE_NAME: '' CSRF_COOKIE_SECURE: true CSRF_TRUSTED_ORIGINS: - https://*.sandbox.localhost -CSRF_TRUSTED_ORIGINS_WITH_SCHEME: -- https://*.sandbox.localhost DASHBOARD_COURSE_LIMIT: 250 DATABASES: blockstore: diff --git a/lms/envs/production.py b/lms/envs/production.py index 835abc0dcf..6b91bfee36 100644 --- a/lms/envs/production.py +++ b/lms/envs/production.py 
@@ -197,8 +197,6 @@ LOGGING = get_logger_config( service_variant=SERVICE_VARIANT, ) -CSRF_TRUSTED_ORIGINS = _YAML_TOKENS.get('CSRF_TRUSTED_ORIGINS_WITH_SCHEME', []) - if FEATURES['ENABLE_CORS_HEADERS'] or FEATURES.get('ENABLE_CROSS_DOMAIN_CSRF_COOKIE'): CORS_ALLOW_CREDENTIALS = True CORS_ORIGIN_WHITELIST = _YAML_TOKENS.get('CORS_ORIGIN_WHITELIST', ())
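Review bot: After this removal nothing in the hunk checks whether a deployment's YAML still defines only the old `CSRF_TRUSTED_ORIGINS_WITH_SCHEME` key, so that key would be ignored without any error; the same applies to the matching removal in cms/envs/production.py. The effective value presumably now comes from the plain `CSRF_TRUSTED_ORIGINS` YAML key, loaded outside the hunk, so the trusted-origin set switches from one list to the other and may end up wider or narrower wherever the two differ. If that list is missing or still scheme-less, HTTPS cross-origin POSTs would likely start failing the CSRF origin check, or Django's settings check would reject the entries. I would add a guard next to the YAML load, e.g. `if 'CSRF_TRUSTED_ORIGINS_WITH_SCHEME' in _YAML_TOKENS: warnings.warn("CSRF_TRUSTED_ORIGINS_WITH_SCHEME is no longer read; move its entries to CSRF_TRUSTED_ORIGINS")`, which needs `warnings` imported if the file does not already have it. The rename should also be called out in the release notes so operators compare both lists before upgrading.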