* Allow simpler setting for CSRF_TRUSTED_ORIGINS and CORS_ALLOWED_ORIGINS - If these are not specified by the user, but a SITE_URL *is* specified, then use that * Update docs * Update config.md Remove outdated notes