ALLOWED_HOSTS = ['localhost', '127.0.0.1'] CSRF_TRUSTED_ORIGINS = [ "https://snapback.me", "http://localhost", "http://127.0.0.1", ]
Allowed HostsThis setting is used to validate the HTTP Host header of incoming requests to your server. It should list the domain names that your Django application is actually running on or being accessed via. If your Django app isn’t directly served at snapback.me (for example, it might be served on a different domain or running locally behind a proxy with a different hostname), then you don't need to add snapback.me to ALLOWED_HOSTS.
CSRF_TRUSTED_ORIGINSThis configuration is used to trust the origins of requests that carry a CSRF token. If your frontend (or any external service) hosted at snapback.me is sending requests (possibly via AJAX or forms) to your Django backend, you add snapback.me here so that Django accepts the CSRF tokens coming from that origin.