Set default frontend urls as CSRF trusted origin

arkindex/project/config.py

@@ -132,7 +132,7 @@ def get_settings_parser(base_dir):
     csrf_parser.add_option('cookie_domain', type=str, default=None)
     csrf_parser.add_option('cookie_secure', type=bool, default=False)
     csrf_parser.add_option('cookie_samesite', type=CookieSameSiteOption, default=CookieSameSiteOption.Lax)
-    csrf_parser.add_option('trusted_origins', type=str, many=True, default=[])
+    csrf_parser.add_option('trusted_origins', type=str, many=True, default=['http://localhost:8080', 'http://127.0.0.1:8080'])
 
     session_parser = parser.add_subparser('session', default={})
     session_parser.add_option('cookie_name', type=str, default='arkindex.auth')

arkindex/project/tests/config_samples/defaults.yaml

@@ -17,7 +17,9 @@ csrf:
   cookie_name: arkindex.csrf
   cookie_samesite: lax
   cookie_secure: false
-  trusted_origins: []
+  trusted_origins:
+  - http://localhost:8080
+  - http://127.0.0.1:8080
 database:
   host: localhost
   name: arkindex_dev