mirror of https://github.com/django/django.git
Fixed #24796 -- Added a hint on placement of SecurityMiddleware in MIDDLEWARE_CLASSES.
Also moved it in the project template.
parent
167a3203b6
commit
8b1f39a727
|
@ -40,6 +40,7 @@ INSTALLED_APPS = [
|
||||||
]
|
]
|
||||||
|
|
||||||
MIDDLEWARE_CLASSES = [
|
MIDDLEWARE_CLASSES = [
|
||||||
|
'django.middleware.security.SecurityMiddleware',
|
||||||
'django.contrib.sessions.middleware.SessionMiddleware',
|
'django.contrib.sessions.middleware.SessionMiddleware',
|
||||||
'django.middleware.common.CommonMiddleware',
|
'django.middleware.common.CommonMiddleware',
|
||||||
'django.middleware.csrf.CsrfViewMiddleware',
|
'django.middleware.csrf.CsrfViewMiddleware',
|
||||||
|
@ -47,7 +48,6 @@ MIDDLEWARE_CLASSES = [
|
||||||
'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
|
'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
|
||||||
'django.contrib.messages.middleware.MessageMiddleware',
|
'django.contrib.messages.middleware.MessageMiddleware',
|
||||||
'django.middleware.clickjacking.XFrameOptionsMiddleware',
|
'django.middleware.clickjacking.XFrameOptionsMiddleware',
|
||||||
'django.middleware.security.SecurityMiddleware',
|
|
||||||
]
|
]
|
||||||
|
|
||||||
ROOT_URLCONF = '{{ project_name }}.urls'
|
ROOT_URLCONF = '{{ project_name }}.urls'
|
||||||
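Review bot: The generated settings give no reason for `'django.middleware.security.SecurityMiddleware'` now leading `MIDDLEWARE_CLASSES`, so a project that later inserts its own middleware above it gets no warning that the order matters. The documentation hunk in this same commit says the placement matters when the SSL redirect is turned on, and a one-line comment above the entry would carry that into the file people actually edit, e.g. `# Keep SecurityMiddleware first: with SECURE_SSL_REDIRECT on, it redirects to HTTPS before any other middleware runs.` Whether the project template should carry inline comments is a style decision for the maintainers. The list opens in the first hunk of this file and closes in the second, so the comment would sit in the first.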
|
|
|
@ -411,6 +411,12 @@ Middleware ordering
|
||||||
|
|
||||||
Here are some hints about the ordering of various Django middleware classes:
|
Here are some hints about the ordering of various Django middleware classes:
|
||||||
|
|
||||||
|
#. :class:`~django.middleware.security.SecurityMiddleware`
|
||||||
|
|
||||||
|
It should go near the top of the list if you're going to turn on the SSL
|
||||||
|
redirect as that avoids running through a bunch of other unnecessary
|
||||||
|
middleware.
|
||||||
|
|
||||||
#. :class:`~django.middleware.cache.UpdateCacheMiddleware`
|
#. :class:`~django.middleware.cache.UpdateCacheMiddleware`
|
||||||
|
|
||||||
Before those that modify the ``Vary`` header (``SessionMiddleware``,
|
Before those that modify the ``Vary`` header (``SessionMiddleware``,
|
||||||
|
|
|
@ -28,6 +28,7 @@ here's the default value created by :djadmin:`django-admin startproject
|
||||||
<startproject>`::
|
<startproject>`::
|
||||||
|
|
||||||
MIDDLEWARE_CLASSES = [
|
MIDDLEWARE_CLASSES = [
|
||||||
|
'django.middleware.security.SecurityMiddleware',
|
||||||
'django.contrib.sessions.middleware.SessionMiddleware',
|
'django.contrib.sessions.middleware.SessionMiddleware',
|
||||||
'django.middleware.common.CommonMiddleware',
|
'django.middleware.common.CommonMiddleware',
|
||||||
'django.middleware.csrf.CsrfViewMiddleware',
|
'django.middleware.csrf.CsrfViewMiddleware',
|
||||||
|
@ -35,7 +36,6 @@ here's the default value created by :djadmin:`django-admin startproject
|
||||||
'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
|
'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
|
||||||
'django.contrib.messages.middleware.MessageMiddleware',
|
'django.contrib.messages.middleware.MessageMiddleware',
|
||||||
'django.middleware.clickjacking.XFrameOptionsMiddleware',
|
'django.middleware.clickjacking.XFrameOptionsMiddleware',
|
||||||
'django.middleware.security.SecurityMiddleware',
|
|
||||||
]
|
]
|
||||||
|
|
||||||
A Django installation doesn't require any middleware —
|
A Django installation doesn't require any middleware —
|
||||||
|
|