authorPhilip Sargent <philip.sargent@klebos.com>2021-03-26 17:33:58 +0000
committerPhilip Sargent <philip.sargent@klebos.com>2021-03-26 17:33:58 +0000
commit1c7e99e91b0b87eabcd8f328a0c08525e8c9f742 (patch)
tree0fcde459d1e1c44b633f840a2ff18bb4e240a930 /settings.py
parentf5e799d632dc022f6c3fd53745ea2b724601ab15 (diff)
attempting to enable csrf cookie robustly
Diffstat (limited to 'settings.py')
-rw-r--r--settings.py4
1 files changed, 2 insertions, 2 deletions
diff --git a/settings.py b/settings.py
index 024be70..49c59e2 100644
--- a/settings.py
+++ b/settings.py
@@ -128,11 +128,11 @@ INSTALLED_APPS = (
)
MIDDLEWARE_CLASSES = (
+ 'django.middleware.csrf.CsrfViewMiddleware', # Cross Site Request Forgeries by adding hidden form fields to POST
'django.middleware.security.SecurityMiddleware', # SECURE_SSL_REDIRECT and SECURE_SSL_HOST
'django.contrib.sessions.middleware.SessionMiddleware', # Manages sessions across requests
'django.middleware.common.CommonMiddleware', # DISALLOWED_USER_AGENTS, APPEND_SLASH and PREPEND_WWW
- 'django.middleware.csrf.CsrfViewMiddleware', # Cross Site Request Forgeries by adding hidden form fields to POST
- 'django.contrib.auth.middleware.AuthenticationMiddleware', # Adds the user attribute, representing the currently-logged-in user, to every incoming HttpRequest
+ 'django.contrib.auth.middleware.AuthenticationMiddleware', # Adds the user attribute, representing the currently-logged-in user
'django.contrib.admindocs.middleware.XViewMiddleware',
'django.contrib.messages.middleware.MessageMiddleware', # Cookie-based and session-based message support
'django.middleware.clickjacking.XFrameOptionsMiddleware', # clickjacking protection via the X-Frame-Options header
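Review bot: Moving `'django.middleware.csrf.CsrfViewMiddleware'` to the first slot puts it ahead of `SessionMiddleware`, which departs from Django's documented ordering and raises a configuration error if `CSRF_USE_SESSIONS` is ever enabled, because the CSRF check then needs `request.session`. The reorder is also unlikely to make the CSRF cookie appear more reliably, since Django sets that cookie only when a token is requested for the response, for example through `{% csrf_token %}` in the template or `@ensure_csrf_cookie` on the view. I would leave the entry where it was, after `SessionMiddleware` and `CommonMiddleware`, and fix the missing cookie in the affected views and templates instead. Separately, `MIDDLEWARE_CLASSES` is only read by Django releases before 2.0, so if the project runs a newer release this tuple has no effect and the list belongs in `MIDDLEWARE`; the Django version is not visible on this page. The tuple continues past the end of the hunk, so any entries after `XFrameOptionsMiddleware` are not reviewed here.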