summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorMarissa Zhou <marissa.zhou@propylon.com>2015-06-05 16:50:53 +0100
committerTim Graham <timograham@gmail.com>2015-06-08 12:32:38 -0400
commit8b1f39a727be91aab40bdb37235718ed63ae1d50 (patch)
tree3e8fbbed5a58883851d947352ddc4eca68f5f679 /docs
parent167a3203b645341a3b00b878594bfd8d4dd6b040 (diff)
Fixed #24796 -- Added a hint on placement of SecurityMiddleware in MIDDLEWARE_CLASSES.
Also moved it in the project template.
Diffstat (limited to 'docs')
-rw-r--r--docs/ref/middleware.txt6
-rw-r--r--docs/topics/http/middleware.txt2
2 files changed, 7 insertions, 1 deletions
diff --git a/docs/ref/middleware.txt b/docs/ref/middleware.txt
index 8f88b6686c..d256347577 100644
--- a/docs/ref/middleware.txt
+++ b/docs/ref/middleware.txt
@@ -411,6 +411,12 @@ Middleware ordering
Here are some hints about the ordering of various Django middleware classes:
+#. :class:`~django.middleware.security.SecurityMiddleware`
+
+ It should go near the top of the list if you're going to turn on the SSL
+ redirect as that avoids running through a bunch of other unnecessary
+ middleware.
+
#. :class:`~django.middleware.cache.UpdateCacheMiddleware`
Before those that modify the ``Vary`` header (``SessionMiddleware``,
diff --git a/docs/topics/http/middleware.txt b/docs/topics/http/middleware.txt
index 503a95cdfe..3cd6baa520 100644
--- a/docs/topics/http/middleware.txt
+++ b/docs/topics/http/middleware.txt
@@ -28,6 +28,7 @@ here's the default value created by :djadmin:`django-admin startproject
<startproject>`::
MIDDLEWARE_CLASSES = [
+ 'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
@@ -35,7 +36,6 @@ here's the default value created by :djadmin:`django-admin startproject
'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
- 'django.middleware.security.SecurityMiddleware',
]
A Django installation doesn't require any middleware —