attempting to enable csrf cookie robustly

2025-12-15 01:27:08 +00:00 · 2021-03-26 17:33:58 +00:00
parent f5e799d632
commit 1c7e99e91b
6 changed files with 32 additions and 43 deletions
--- a/settings.py
+++ b/settings.py
@@ -128,11 +128,11 @@ INSTALLED_APPS = (
 )

 MIDDLEWARE_CLASSES = (
+    'django.middleware.csrf.CsrfViewMiddleware', # Cross Site Request Forgeries by adding hidden form fields to POST
    'django.middleware.security.SecurityMiddleware', # SECURE_SSL_REDIRECT and SECURE_SSL_HOST
    'django.contrib.sessions.middleware.SessionMiddleware', # Manages sessions across requests
    'django.middleware.common.CommonMiddleware', # DISALLOWED_USER_AGENTS, APPEND_SLASH and PREPEND_WWW
-    'django.middleware.csrf.CsrfViewMiddleware', # Cross Site Request Forgeries by adding hidden form fields to POST
-    'django.contrib.auth.middleware.AuthenticationMiddleware',  # Adds the user attribute, representing the currently-logged-in user, to every incoming HttpRequest
+    'django.contrib.auth.middleware.AuthenticationMiddleware',  # Adds the user attribute, representing the currently-logged-in user
    'django.contrib.admindocs.middleware.XViewMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware', # Cookie-based and session-based message support
    'django.middleware.clickjacking.XFrameOptionsMiddleware', # clickjacking protection via the X-Frame-Options header