Fixed #24796 -- Added a hint on placement of SecurityMiddleware in MIDDLEWARE_CLASSES.

Also moved it in the project template.
Marissa Zhou 9 years ago
parent
commit
8b1f39a727

+ 1 - 1
django/conf/project_template/project_name/settings.py

@@ -40,6 +40,7 @@ INSTALLED_APPS = [
 ]
 
 MIDDLEWARE_CLASSES = [
+    'django.middleware.security.SecurityMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',
     'django.middleware.common.CommonMiddleware',
     'django.middleware.csrf.CsrfViewMiddleware',
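
Review bot: the new first entry of MIDDLEWARE_CLASSES changes only projects generated from this template from now on, and nothing in the visible files tells existing projects, whose settings still list SecurityMiddleware last, to reorder. A release note pointing to the new ordering hint in docs/ref/middleware.txt would cover that.
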
@@ -47,7 +48,6 @@ MIDDLEWARE_CLASSES = [
     'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
     'django.contrib.messages.middleware.MessageMiddleware',
     'django.middleware.clickjacking.XFrameOptionsMiddleware',
-    'django.middleware.security.SecurityMiddleware',
 ]
 
 ROOT_URLCONF = '{{ project_name }}.urls'

+ 6 - 0
docs/ref/middleware.txt

@@ -411,6 +411,12 @@ Middleware ordering
 
 Here are some hints about the ordering of various Django middleware classes:
 
+#. :class:`~django.middleware.security.SecurityMiddleware`
+
+   It should go near the top of the list if you're going to turn on the SSL
+   redirect as that avoids running through a bunch of other unnecessary
+   middleware.
+
 #. :class:`~django.middleware.cache.UpdateCacheMiddleware`
 
    Before those that modify the ``Vary`` header (``SessionMiddleware``,
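
Review bot: the added hint never names the setting it depends on; "the SSL redirect" should link to :setting:`SECURE_SSL_REDIRECT` so readers can find what they are expected to turn on. "a bunch of other unnecessary middleware" is also loose for reference documentation, since the other middleware are unnecessary only for a request that is about to be redirected; wording such as "so that requests which will be redirected to HTTPS don't pass through the other middleware first" states that directly.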

+ 1 - 1
docs/topics/http/middleware.txt

@@ -28,6 +28,7 @@ here's the default value created by :djadmin:`django-admin startproject
 <startproject>`::
 
     MIDDLEWARE_CLASSES = [
+        'django.middleware.security.SecurityMiddleware',
         'django.contrib.sessions.middleware.SessionMiddleware',
         'django.middleware.common.CommonMiddleware',
         'django.middleware.csrf.CsrfViewMiddleware',
@@ -35,7 +36,6 @@ here's the default value created by :djadmin:`django-admin startproject
         'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
         'django.contrib.messages.middleware.MessageMiddleware',
         'django.middleware.clickjacking.XFrameOptionsMiddleware',
-        'django.middleware.security.SecurityMiddleware',
     ]
 
 A Django installation doesn't require any middleware —