diff --git a/arkindex/project/config.py b/arkindex/project/config.py
index 7c53985751951012f89b2fb1a9edc8a61d9e7207..e7a567193cc14c05cc55fe44d2df7ae4beb093df 100644
--- a/arkindex/project/config.py
+++ b/arkindex/project/config.py
@@ -132,7 +132,7 @@ def get_settings_parser(base_dir):
     csrf_parser.add_option('cookie_domain', type=str, default=None)
     csrf_parser.add_option('cookie_secure', type=bool, default=False)
     csrf_parser.add_option('cookie_samesite', type=CookieSameSiteOption, default=CookieSameSiteOption.Lax)
-    csrf_parser.add_option('trusted_origins', type=str, many=True, default=[])
+    csrf_parser.add_option('trusted_origins', type=str, many=True, default=['http://localhost:8080', 'http://127.0.0.1:8080'])
 
     session_parser = parser.add_subparser('session', default={})
     session_parser.add_option('cookie_name', type=str, default='arkindex.auth')
diff --git a/arkindex/project/tests/config_samples/defaults.yaml b/arkindex/project/tests/config_samples/defaults.yaml
index bdca9bdf4cdf1e62f54121829ed041067c8df484..eabfd74749bd5e53cea745ad732add58a0a94599 100644
--- a/arkindex/project/tests/config_samples/defaults.yaml
+++ b/arkindex/project/tests/config_samples/defaults.yaml
@@ -17,7 +17,9 @@ csrf:
   cookie_name: arkindex.csrf
   cookie_samesite: lax
   cookie_secure: false
-  trusted_origins: []
+  trusted_origins:
+  - http://localhost:8080
+  - http://127.0.0.1:8080
 database:
   host: localhost
   name: arkindex_dev