From 3f31c7a1ddd958ac1762b73ca68158c008a0e35c Mon Sep 17 00:00:00 2001
From: Larry La <larryquocla@gmail.com>
Date: Tue, 1 Apr 2025 17:43:50 -0700
Subject: [PATCH 1/2] chore: edit security config

---
 backend/bitmatch/settings.py | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/backend/bitmatch/settings.py b/backend/bitmatch/settings.py
index 2f5345b..81202f4 100644
--- a/backend/bitmatch/settings.py
+++ b/backend/bitmatch/settings.py
@@ -25,12 +25,17 @@
 # See https://docs.djangoproject.com/en/5.1/howto/deployment/checklist/
 
 # SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = 'django-insecure-b4wn$=0zp6j)8%uejmc)hp&3$j3myn$(&i_69(c@shw1i285*v'
+SECRET_KEY = os.getenv("DJANGO_SECRET_KEY")
 
 # SECURITY WARNING: don't run with debug turned on in production!
-DEBUG = True
+DJANGO_ENV = os.getenv("DJANGO_ENV", "DEV").upper()  
 
-ALLOWED_HOSTS = ["*"]
+DEBUG = DJANGO_ENV == "DEV"
+
+if DJANGO_ENV == "PROD":
+    ALLOWED_HOSTS = ["bitmatchapp.com", "www.bitmatchapp.com"]
+else:
+    ALLOWED_HOSTS = ["localhost", "127.0.0.1"]
 
 REST_FRAMEWORK = {
     "DEFAULT_AUTHENTICATION_CLASSES": (

From bb7dcc5e318fd1fdb6f5643d95dee7b7025edfaf Mon Sep 17 00:00:00 2001
From: Larry La <larryquocla@gmail.com>
Date: Tue, 1 Apr 2025 17:53:02 -0700
Subject: [PATCH 2/2] chore: add www

---
 backend/bitmatch/settings.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/backend/bitmatch/settings.py b/backend/bitmatch/settings.py
index 81202f4..8c29feb 100644
--- a/backend/bitmatch/settings.py
+++ b/backend/bitmatch/settings.py
@@ -183,6 +183,7 @@
     "http://localhost:5173", 
     "http://localhost:5174", 
     "https://bitmatchapp.com",
+    "https://www.bitmatchapp.com",
     "https://api.bitmatchapp.com",
 ]