diff --git a/settings.py b/settings.py
index a0b1fc001d..099c717f5e 100644
--- a/settings.py
+++ b/settings.py
@@ -252,9 +252,11 @@
 ]
 
 DEPLOYMENT_TYPE = os.environ.get('DEPLOYMENT_TYPE')
+BASE_URL = os.environ.get("BASE_URL", "/")
 if DEPLOYMENT_TYPE in {'prod', 'dev'}:
     SESSION_COOKIE_SECURE = True
     CSRF_COOKIE_SECURE = True
+    CSRF_TRUSTED_ORIGINS = [BASE_URL.rstrip('/')]
     DEBUG = False
 else:
     DEBUG = True
@@ -299,7 +301,6 @@
 SEQR_PRIVACY_VERSION = float(os.environ.get('SEQR_PRIVACY_VERSION', 1.1))
 SEQR_TOS_VERSION = float(os.environ.get('SEQR_TOS_VERSION', 1.2))
 
-BASE_URL = os.environ.get("BASE_URL", "/")
 GA_TOKEN_ID = os.environ.get("GA_TOKEN_ID")
 
 SLACK_TOKEN = os.environ.get("SLACK_TOKEN")