# SECURITY WARNING: keep the secret key used in production secret!
try:
    with open('secret_key.txt') as f:
        SECRET_KEY = f.read().strip()
    # SECRET_KEY = os.environ["SECRET_KEY"]
except FileNotFoundError:
    raise RuntimeError("No 'secret_key.txt' found! Fix the configuration...")


# https://docs.djangoproject.com/en/4.2/howto/deployment/checklist/#allowed-hosts
ALLOWED_HOSTS = [
    f"keeppolling.guyware.nz",
]

CSRF_TRUSTED_ORIGINS = [
    f"https://keeppolling.guyware.nz",
]

# Enable HTTPS only and turn on these settings
SECURE_SSL_REDIRECT = True
CSRF_COOKIE_SECURE = True
SESSION_COOKIE_SECURE = True
SECURE_HSTS_SECONDS = 31536000
SECURE_HSTS_INCLUDE_SUBDOMAINS = True
SECURE_HSTS_PRELOAD = True