diff --git a/app/app/settings.py b/app/app/settings.py index afee205b..aaf1fb7c 100644 --- a/app/app/settings.py +++ b/app/app/settings.py @@ -33,11 +33,13 @@ SECRET_KEY = 'django-insecure-b*41-$afq0yl)1e#qpz^-nbt-opvjwb#avv++b9rfdxa@b55sk # # Defaults # +ALLOWED_HOSTS = [ '*' ] # Site host to serve DEBUG = False # SECURITY WARNING: don't run with debug turned on in production! +SITE_URL = 'http://127.0.0.1' # domain with HTTP method for the sites URL SSO_ENABLED = False # Enable SSO SSO_LOGIN_ONLY_BACKEND = None # Use specified SSO backend as the ONLY method to login. (builting login form will not be used) +TRUSTED_ORIGINS = [] # list of trusted domains for CSRF -ALLOWED_HOSTS = [ '*' ] # Application definition @@ -225,6 +227,9 @@ if API_ENABLED: DATETIME_FORMAT = 'j N Y H:i:s' +# +# Load user settings files +# if os.path.isdir(SETTINGS_DIR): settings_files = os.path.join(SETTINGS_DIR, '*.py') @@ -237,6 +242,11 @@ AUTHENTICATION_BACKENDS = ( 'django.contrib.auth.backends.ModelBackend', ) +CSRF_TRUSTED_ORIGINS = [ + SITE_URL, + *TRUSTED_ORIGINS +] + if DEBUG: INSTALLED_APPS += [ 'debug_toolbar', diff --git a/docs/projects/django-template/configuration.md b/docs/projects/django-template/configuration.md index a6294adb..f43bba08 100644 --- a/docs/projects/django-template/configuration.md +++ b/docs/projects/django-template/configuration.md @@ -9,6 +9,11 @@ about: https://gitlab.com/nofusscomputing/infrastructure/configuration-managemen This page details the configuration for setting up the application. +## Config file + +Configuration for this application is stored within a python file `.py` in directory `/etc/istm/`. Any python file placed within this directory will be dynamically loaded at runtime. It's important to ensure that the file remains a valid python file. Failing to do so will prevent the application from restarting. + + ## Single Sign-On - `SSO_ENABLED`, boolean 
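Review bot: `ALLOWED_HOSTS = [ '*' ]` remains the default now that it sits among the overridable settings in the `@@ -33` hunk, and together with `DEBUG = False` the wildcard switches off Django's Host header validation for every deployment that does not override it. The new `SITE_URL` already names the served host, so the default could be derived from it once the user settings have been loaded. At minimum the comment should carry the warning: `ALLOWED_HOSTS = [ '*' ] # SECURITY WARNING: '*' disables Host header validation; set to the served hostname(s) in production`. The `SITE_URL` default is plain `http://` and is later added to the CSRF trusted origins, so its comment could also say that production values should use `https://`.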
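Review bot: The header comment added in the `@@ -225` hunk labels the block but omits the security-relevant fact: the documentation change in this same commit says any Python file in the settings directory is loaded at runtime, so those files presumably run with the application's privileges. The loading code continues outside the hunk, so how the files are executed cannot be confirmed from here. Suggested wording: `# Load user settings files. Every *.py in SETTINGS_DIR is run as Python inside this process;` followed by `# keep the directory and its files writable by the administrator only.`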
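Review bot: The values placed in `CSRF_TRUSTED_ORIGINS` in the `@@ -237` hunk are neither normalised nor checked, and the comment on `TRUSTED_ORIGINS` in the first hunk calls them "domains". Django 4.0 and later expects each entry to carry a scheme and matches it against the request's Origin header, so a bare domain, or a `SITE_URL` with a trailing slash or a path, would not match (the Django version is not visible here). Suggest using `SITE_URL.rstrip('/')` in the list and rewording the comment to `# list of trusted origins for CSRF, each with scheme, e.g. 'https://example.com'`. Judging by the hunk positions this assignment runs after the user settings files are loaded, so a `CSRF_TRUSTED_ORIGINS` set in a user file would be silently overwritten; the configuration page should say that `TRUSTED_ORIGINS` is the supported setting.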
@@ -43,13 +48,17 @@ SOCIAL_AUTH_OIDC_SECRET = '' ``` -## Available Settings +## Available Configuration Settings Below are the available configuration values along with their default value. ``` py +ALLOWED_HOSTS = [ '*' ] DEBUG = False # SECURITY WARNING: don't run with debug turned on in production! +SITE_URL = 'http://127.0.0.1' # domain with HTTP method for the URL to access the site SSO_ENABLED = False # Enable SSO +SSO_LOGIN_ONLY_BACKEND = None # Use specified SSO backend as the ONLY method to login. (builting login form will not be used) +TRUSTED_ORIGINS = [] # list of trusted domains for CSRF ```