Diffstat (limited to 'settings.py')
-rw-r--r-- | settings.py | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/settings.py b/settings.py
index 61d0bfc..20a0d63 100644
--- a/settings.py
+++ b/settings.py
@@ -126,16 +126,18 @@ INSTALLED_APPS = (
 'troggle.flatpages', # Written by Martin Green 2011. This is NOT django.contrib.flatpages which stores HTML in the database
 )
+# See the recommended order of these in https://docs.djangoproject.com/en/2.2/ref/middleware/
 MIDDLEWARE_CLASSES = (
- 'django.middleware.csrf.CsrfViewMiddleware', # Cross Site Request Forgeries by adding hidden form fields to POST
- 'django.middleware.security.SecurityMiddleware', # SECURE_SSL_REDIRECT and SECURE_SSL_HOST
- 'django.contrib.sessions.middleware.SessionMiddleware', # Manages sessions across requests
+ #'django.middleware.security.SecurityMiddleware', # SECURE_SSL_REDIRECT and SECURE_SSL_HOST # we don't use this
+ 'django.middleware.gzip.GZipMiddleware', # not needed as expofiles and photos served by apache
+ 'django.contrib.sessions.middleware.SessionMiddleware', # Manages sessions, if CSRF_USE_SESSIONS then it needs to be early
 'django.middleware.common.CommonMiddleware', # DISALLOWED_USER_AGENTS, APPEND_SLASH and PREPEND_WWW
+ 'django.middleware.csrf.CsrfViewMiddleware', # Cross Site Request Forgeries by adding hidden form fields to POST
 'django.contrib.auth.middleware.AuthenticationMiddleware', # Adds the user attribute, representing the currently-logged-in user
- 'django.contrib.admindocs.middleware.XViewMiddleware',
- 'django.contrib.messages.middleware.MessageMiddleware', # Cookie-based and session-based message support
+ 'django.contrib.admindocs.middleware.XViewMiddleware', # this and docutils needed by admindocs
+ 'django.contrib.messages.middleware.MessageMiddleware', # Cookie-based and session-based message support. Needed by admin system
 'django.middleware.clickjacking.XFrameOptionsMiddleware', # clickjacking protection via the X-Frame-Options header
- 'troggle.middleware.SmartAppendSlashMiddleware' # Outdated & unneeded?
+ 'troggle.middleware.SmartAppendSlashMiddleware' #
 )
 ROOT_URLCONF = 'troggle.urls' |
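Review bot: The added `'django.middleware.gzip.GZipMiddleware'` entry is active, yet its own comment says it is "not needed", so the line and its comment disagree. Django's middleware documentation warns that compressing dynamic responses can expose a site to BREACH-style compression side channels when a page carries both a secret and reflected request data; if Apache already serves the bulk files, I would leave it disabled, e.g. `# 'django.middleware.gzip.GZipMiddleware',  # off: static files come from apache, see the BREACH note in the Django docs`. Separately, the comment on the now-disabled `SecurityMiddleware` line names only the SSL redirect settings, but that middleware is also what applies `SECURE_HSTS_SECONDS`, `SECURE_CONTENT_TYPE_NOSNIFF` and `SECURE_BROWSER_XSS_FILTER`, so it is worth confirming none of those are set elsewhere in settings.py (not visible in this hunk). The new header comment links the 2.2 docs while the tuple is still named `MIDDLEWARE_CLASSES`; Django 2.0 and later ignore that name, which would leave the CSRF and X-Frame-Options middleware unloaded, so the Django version actually in use should be checked before relying on this ordering.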