Add CSRF_TRUSTED_ORIGINS for Railway

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Author: jsb2092

questionbank/config/settings.py

@@ -131,6 +131,13 @@
 CORS_ALLOWED_ORIGINS = os.getenv('CORS_ORIGINS', 'http://localhost:3000,http://127.0.0.1:8000').split(',')
 CORS_ALLOW_ALL_ORIGINS = DEBUG
 
+# CSRF trusted origins (required for Django 4.0+)
+CSRF_TRUSTED_ORIGINS = [
+    'https://*.railway.app',
+    'http://localhost:8000',
+    'http://127.0.0.1:8000',
+]
+
 # Authentication
 LOGIN_URL = '/login/'
 LOGIN_REDIRECT_URL = '/'