JwtAuthCookieMiddleware needs to come before AuthenticationMiddleware.

2018-10-24 10:17:18 -04:00
parent fbb5e6c99c
commit 8bcd5fd785
2 changed files with 2 additions and 2 deletions
--- a/cms/envs/common.py
+++ b/cms/envs/common.py
@@ -478,6 +478,7 @@ MIDDLEWARE_CLASSES = [
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.sites.middleware.CurrentSiteMiddleware',
+    'edx_rest_framework_extensions.auth.jwt.middleware.JwtAuthCookieMiddleware',

    # Allows us to define redirects via Django admin
    'django_sites_extensions.middleware.RedirectMiddleware',
@@ -530,7 +531,6 @@ MIDDLEWARE_CLASSES = [
    'edx_rest_framework_extensions.middleware.RequestMetricsMiddleware',

    'edx_rest_framework_extensions.auth.jwt.middleware.EnsureJWTAuthSettingsMiddleware',
-    'edx_rest_framework_extensions.auth.jwt.middleware.JwtAuthCookieMiddleware',

    # This must be last so that it runs first in the process_response chain
    'openedx.core.djangoapps.site_configuration.middleware.SessionCookieDomainOverrideMiddleware',
--- a/lms/envs/common.py
+++ b/lms/envs/common.py
@@ -1221,6 +1221,7 @@ MIDDLEWARE_CLASSES = [
    'django_comment_client.middleware.AjaxExceptionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.contrib.sites.middleware.CurrentSiteMiddleware',
+    'edx_rest_framework_extensions.auth.jwt.middleware.JwtAuthCookieMiddleware',

    # Allows us to define redirects via Django admin
    'django_sites_extensions.middleware.RedirectMiddleware',
@@ -1298,7 +1299,6 @@ MIDDLEWARE_CLASSES = [
    'edx_rest_framework_extensions.middleware.RequestMetricsMiddleware',

    'edx_rest_framework_extensions.auth.jwt.middleware.EnsureJWTAuthSettingsMiddleware',
-    'edx_rest_framework_extensions.auth.jwt.middleware.JwtAuthCookieMiddleware',

    # This must be last
    'openedx.core.djangoapps.site_configuration.middleware.SessionCookieDomainOverrideMiddleware',