authorPhilip Sargent <philip.sargent@klebos.com>2021-03-27 18:22:07 +0000
committerPhilip Sargent <philip.sargent@klebos.com>2021-03-27 18:22:07 +0000
commitffaaea497c44f362a619d95da097def836a28b50 (patch)
tree417ccaae7e1d635408a02f8bd29962f7d8b665fe /settings.py
parente7947069a2877b47c1dd7a18b686da5bbf3e160b (diff)
re-ordering middleware and logon system
Diffstat (limited to 'settings.py')
-rw-r--r--settings.py14
1 files changed, 8 insertions, 6 deletions
diff --git a/settings.py b/settings.py
index 61d0bfc..20a0d63 100644
--- a/settings.py
+++ b/settings.py
@@ -126,16 +126,18 @@ INSTALLED_APPS = (
'troggle.flatpages', # Written by Martin Green 2011. This is NOT django.contrib.flatpages which stores HTML in the database
)
+# See the recommended order of these in https://docs.djangoproject.com/en/2.2/ref/middleware/
MIDDLEWARE_CLASSES = (
- 'django.middleware.csrf.CsrfViewMiddleware', # Cross Site Request Forgeries by adding hidden form fields to POST
- 'django.middleware.security.SecurityMiddleware', # SECURE_SSL_REDIRECT and SECURE_SSL_HOST
- 'django.contrib.sessions.middleware.SessionMiddleware', # Manages sessions across requests
+ #'django.middleware.security.SecurityMiddleware', # SECURE_SSL_REDIRECT and SECURE_SSL_HOST # we don't use this
+ 'django.middleware.gzip.GZipMiddleware', # not needed as expofiles and photos served by apache
+ 'django.contrib.sessions.middleware.SessionMiddleware', # Manages sessions, if CSRF_USE_SESSIONS then it needs to be early
'django.middleware.common.CommonMiddleware', # DISALLOWED_USER_AGENTS, APPEND_SLASH and PREPEND_WWW
+ 'django.middleware.csrf.CsrfViewMiddleware', # Cross Site Request Forgeries by adding hidden form fields to POST
'django.contrib.auth.middleware.AuthenticationMiddleware', # Adds the user attribute, representing the currently-logged-in user
- 'django.contrib.admindocs.middleware.XViewMiddleware',
- 'django.contrib.messages.middleware.MessageMiddleware', # Cookie-based and session-based message support
+ 'django.contrib.admindocs.middleware.XViewMiddleware', # this and docutils needed by admindocs
+ 'django.contrib.messages.middleware.MessageMiddleware', # Cookie-based and session-based message support. Needed by admin system
'django.middleware.clickjacking.XFrameOptionsMiddleware', # clickjacking protection via the X-Frame-Options header
- 'troggle.middleware.SmartAppendSlashMiddleware' # Outdated & unneeded?
+ 'troggle.middleware.SmartAppendSlashMiddleware' #
)
ROOT_URLCONF = 'troggle.urls'
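Review bot: Commenting out `django.middleware.security.SecurityMiddleware` disables more than the SSL redirect its comment names: the same middleware applies `SECURE_HSTS_SECONDS`, `SECURE_CONTENT_TYPE_NOSNIFF` and `SECURE_BROWSER_XSS_FILTER`, so any of those set elsewhere in settings.py (not visible in this hunk) silently stop taking effect. Unless Apache is known to send the equivalent headers, I would keep the entry active as the first item of the tuple, or at least change the comment to `# disabled: HSTS and nosniff headers must be set by apache instead`. The added `GZipMiddleware` entry is live although its comment says "not needed", and the Django middleware reference linked in the new comment warns that compressing responses exposes a site to compression side-channel attacks. Either drop that line or replace the comment with the reason it is wanted.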