[FIX] Move site URL settings out of constance to allow access for CORS

CORS options require access to these settings, so they must be set before deployment

deploy/settings.example.ini

@@ -1,9 +1,33 @@
 [settings]
 
+; REQUIRED=Secret key
+; Used to generate CSRF tokens - must never be made public
+SECRET_KEY=changeme
+
+; Debug
+; Should the server run in debug mode?  Provides information to users which is unsafe in production
+; Default: False
+DEBUG=False
+
 ; Allowed hosts
 ; Accepted values for server header in request - protects against CSRF and CSS attacks
 ; Default: * if DEBUG else localhost
-# ALLOWED_HOSTS=* if DEBUG else localhost
+# ALLOWED_HOSTS=127.0.0.1,localhost,localhost.localdomain
+
+; Site URL
+; The URL the site will be deployed on. Do not include http://, https://, or a trailing slash.
+; Default: localhost
+# SITE_URL=localhost
+
+; Site protocol
+; The protocol the site uses. Valid options are http or https.
+; Default: http
+# SITE_PROTOCOL=http
+
+; Trusted origins
+; The trusted origin domains of requests - protects against CSRF and CSS attacks
+; Default: '*' if DEBUG else 'http://127.0.0.1,http://localhost,http://localhost.localdomain'
+# TRUSTED_ORIGINS=http://127.0.0.1,http://localhost,http://localhost.localdomain
 
 ; Database URL
 ; URL to database - uses format described at https://github.com/jacobian/dj-database-url