diff --git a/app/public/cantusdata/settings.py b/app/public/cantusdata/settings.py
index 54c0a30e..ce934f99 100644
--- a/app/public/cantusdata/settings.py
+++ b/app/public/cantusdata/settings.py
@@ -167,6 +167,7 @@ SESSION_COOKIE_SECURE = is_production
 CSRF_COOKIE_SECURE = is_production
+CSRF_TRUSTED_ORIGINS = ["https://cantus.simssa.ca", "https://cantus.staging.simssa.ca"]
 SECURE_HSTS_SECONDS = 86400
 SECURE_HSTS_INCLUDE_SUBDOMAINS = is_production
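Review bot: The added `CSRF_TRUSTED_ORIGINS` list trusts the staging origin in every deployment, production included, while the cookie and HSTS settings around it are gated on `is_production`. With this list, a request to production carrying the staging origin passes Django's Origin/Referer check for unsafe methods. The CSRF token is still required, but the production site then depends on the staging host being as well protected as production. I would give each environment only its own origin, for example `CSRF_TRUSTED_ORIGINS = ["https://cantus.simssa.ca"] if is_production else ["https://cantus.staging.simssa.ca"]`. If staging also runs with `is_production` true (not visible in this hunk), reading the list from the deployment's environment would separate them instead; either way, a short comment on why each origin is trusted would help.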