diff --git a/evibes/settings/base.py b/evibes/settings/base.py
index e08f060f..ff1fbccc 100644
--- a/evibes/settings/base.py
+++ b/evibes/settings/base.py
@@ -27,6 +27,8 @@ else:
     for entry in getenv("ALLOWED_HOSTS").split(" "):
         ALLOWED_HOSTS.add(entry)
 
+ALLOWED_HOSTS = tuple(ALLOWED_HOSTS)
+
 CSRF_TRUSTED_ORIGINS = {
     "http://127.0.0.1",
     "http://api.localhost",
@@ -36,6 +38,8 @@ CSRF_TRUSTED_ORIGINS = {
 for entry in getenv("CSRF_TRUSTED_ORIGINS").split(" "):
     CSRF_TRUSTED_ORIGINS.add(entry)
 
+CSRF_TRUSTED_ORIGINS = tuple(CSRF_TRUSTED_ORIGINS)
+
 if DEBUG:
     CORS_ALLOW_ALL_ORIGINS = True
 else:
@@ -47,6 +51,8 @@ else:
     for entry in getenv("CORS_ALLOWED_ORIGINS").split(" "):
         CORS_ALLOWED_ORIGINS.add(entry)
 
+    CORS_ALLOWED_ORIGINS = tuple(CORS_ALLOWED_ORIGINS)
+
     CORS_ALLOW_METHODS = (
         "DELETE",
         "GET",
@@ -56,7 +62,7 @@ else:
         "PUT",
     )
 
-CORS_ALLOW_HEADERS = [
+CORS_ALLOW_HEADERS = (
     "accept",
     "accept-encoding",
     "accept-language",
@@ -77,7 +83,7 @@ CORS_ALLOW_HEADERS = [
     "sec-gpc",
     "origin",
     "referer",
-]
+)
 
 USE_X_FORWARDED_HOST = True
 SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https") if not DEBUG else None