From 1c7e99e91b0b87eabcd8f328a0c08525e8c9f742 Mon Sep 17 00:00:00 2001
From: Philip Sargent
Date: Fri, 26 Mar 2021 17:33:58 +0000
Subject: attempting to enable csrf cookie robustly

---
 settings.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'settings.py')

diff --git a/settings.py b/settings.py
index 024be70..49c59e2 100644
--- a/settings.py
+++ b/settings.py
@@ -128,11 +128,11 @@ INSTALLED_APPS = (
 )

 MIDDLEWARE_CLASSES = (
+ 'django.middleware.csrf.CsrfViewMiddleware', # Cross Site Request Forgeries by adding hidden form fields to POST
 'django.middleware.security.SecurityMiddleware', # SECURE_SSL_REDIRECT and SECURE_SSL_HOST
 'django.contrib.sessions.middleware.SessionMiddleware', # Manages sessions across requests
 'django.middleware.common.CommonMiddleware', # DISALLOWED_USER_AGENTS, APPEND_SLASH and PREPEND_WWW
- 'django.middleware.csrf.CsrfViewMiddleware', # Cross Site Request Forgeries by adding hidden form fields to POST
- 'django.contrib.auth.middleware.AuthenticationMiddleware', # Adds the user attribute, representing the currently-logged-in user, to every incoming HttpRequest
+ 'django.contrib.auth.middleware.AuthenticationMiddleware', # Adds the user attribute, representing the currently-logged-in user
 'django.contrib.admindocs.middleware.XViewMiddleware',
 'django.contrib.messages.middleware.MessageMiddleware', # Cookie-based and session-based message support
 'django.middleware.clickjacking.XFrameOptionsMiddleware', # clickjacking protection via the X-Frame-Options header
-- 
cgit v1.2.3
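Review bot: Moving `CsrfViewMiddleware` to the first slot of `MIDDLEWARE_CLASSES` puts it ahead of `SecurityMiddleware` and `SessionMiddleware`, which departs from Django's documented ordering (SecurityMiddleware near the top, CSRF after sessions, the latter being required if `CSRF_USE_SESSIONS` is ever enabled) and is unlikely on its own to make the cookie appear. The CSRF cookie is only set on responses where the token was actually requested, so I would keep the original position and either decorate the views that need the cookie with `@ensure_csrf_cookie` or check that every POST form template contains `{% csrf_token %}`. It is also worth confirming the Django version in use: `MIDDLEWARE_CLASSES` is the old-style setting, and on a release that only reads `MIDDLEWARE` this tuple would be ignored and no CSRF check would run at all. The tuple's closing lines are outside the hunk.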