From 8199e67b79c4c136e7dbb65432534194c08f9195 Mon Sep 17 00:00:00 2001 From: Philip Sargent Date: Sun, 21 Jun 2020 00:06:03 +0100 Subject: [PATCH] re-ordered middlkeware --- settings.py | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/settings.py b/settings.py index 83ce1b3..2c843be 100644 --- a/settings.py +++ b/settings.py @@ -115,15 +115,14 @@ INSTALLED_APPS = ( ) MIDDLEWARE_CLASSES = ( - 'django.middleware.security.SecurityMiddleware', - 'django.middleware.common.CommonMiddleware', - 'django.contrib.sessions.middleware.SessionMiddleware', - 'django.contrib.auth.middleware.AuthenticationMiddleware', - 'django.middleware.csrf.CsrfViewMiddleware', - 'django.contrib.auth.middleware.SessionAuthenticationMiddleware', - 'django.contrib.messages.middleware.MessageMiddleware', - 'django.middleware.clickjacking.XFrameOptionsMiddleware', - 'troggle.middleware.SmartAppendSlashMiddleware' + 'django.middleware.security.SecurityMiddleware', # SECURE_SSL_REDIRECT and SECURE_SSL_HOST + 'django.contrib.sessions.middleware.SessionMiddleware', # Manages sessions across requests + 'django.middleware.common.CommonMiddleware', # DISALLOWED_USER_AGENTS, APPEND_SLASH and PREPEND_WWW + 'django.middleware.csrf.CsrfViewMiddleware', # Cross Site Request Forgeries by adding hidden form fields to POST + 'django.contrib.auth.middleware.AuthenticationMiddleware', # Adds the user attribute, representing the currently-logged-in user, to every incoming HttpRequest + 'django.contrib.messages.middleware.MessageMiddleware', # Cookie-based and session-based message support + 'django.middleware.clickjacking.XFrameOptionsMiddleware', # lickjacking protection via the X-Frame-Options header + 'troggle.middleware.SmartAppendSlashMiddleware' # Outdated & unneeded? ) ROOT_URLCONF = 'troggle.urls'