From 8bcd5fd7850143a1b7d79d1931be0d276d986cc1 Mon Sep 17 00:00:00 2001 From: Douglas Hall Date: Wed, 24 Oct 2018 10:17:18 -0400 Subject: [PATCH] JwtAuthCookieMiddleware needs to come before AuthenticationMiddleware. --- cms/envs/common.py | 2 +- lms/envs/common.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/cms/envs/common.py b/cms/envs/common.py index 980e7adb93..96982f912c 100644 --- a/cms/envs/common.py +++ b/cms/envs/common.py @@ -478,6 +478,7 @@ MIDDLEWARE_CLASSES = [ 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.sites.middleware.CurrentSiteMiddleware', + 'edx_rest_framework_extensions.auth.jwt.middleware.JwtAuthCookieMiddleware', # Allows us to define redirects via Django admin 'django_sites_extensions.middleware.RedirectMiddleware', @@ -530,7 +531,6 @@ MIDDLEWARE_CLASSES = [ 'edx_rest_framework_extensions.middleware.RequestMetricsMiddleware', 'edx_rest_framework_extensions.auth.jwt.middleware.EnsureJWTAuthSettingsMiddleware', - 'edx_rest_framework_extensions.auth.jwt.middleware.JwtAuthCookieMiddleware', # This must be last so that it runs first in the process_response chain 'openedx.core.djangoapps.site_configuration.middleware.SessionCookieDomainOverrideMiddleware', diff --git a/lms/envs/common.py b/lms/envs/common.py index 367667e1b2..2df9eae3c8 100644 --- a/lms/envs/common.py +++ b/lms/envs/common.py @@ -1221,6 +1221,7 @@ MIDDLEWARE_CLASSES = [ 'django_comment_client.middleware.AjaxExceptionMiddleware', 'django.middleware.common.CommonMiddleware', 'django.contrib.sites.middleware.CurrentSiteMiddleware', + 'edx_rest_framework_extensions.auth.jwt.middleware.JwtAuthCookieMiddleware', # Allows us to define redirects via Django admin 'django_sites_extensions.middleware.RedirectMiddleware', @@ -1298,7 +1299,6 @@ MIDDLEWARE_CLASSES = [ 'edx_rest_framework_extensions.middleware.RequestMetricsMiddleware', 'edx_rest_framework_extensions.auth.jwt.middleware.EnsureJWTAuthSettingsMiddleware', - 'edx_rest_framework_extensions.auth.jwt.middleware.JwtAuthCookieMiddleware', # This must be last 'openedx.core.djangoapps.site_configuration.middleware.SessionCookieDomainOverrideMiddleware',