From 039856688fd04f01f6e95b17e88c6fa76429b9c5 Mon Sep 17 00:00:00 2001
From: Eliot Berriot <contact@eliotberriot.com>
Date: Wed, 10 Jul 2019 11:58:03 +0200
Subject: [PATCH] See #880: fixed missing x-frame-options=Sameorigin header

---
 api/config/settings/common.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/api/config/settings/common.py b/api/config/settings/common.py
index 08c9536f2..4c5df8727 100644
--- a/api/config/settings/common.py
+++ b/api/config/settings/common.py
@@ -222,14 +222,14 @@ INSTALLED_APPS = (
 # MIDDLEWARE CONFIGURATION
 # ------------------------------------------------------------------------------
 MIDDLEWARE = (
+    "django.middleware.clickjacking.XFrameOptionsMiddleware",
+    "corsheaders.middleware.CorsMiddleware",
     "funkwhale_api.common.middleware.SPAFallbackMiddleware",
     "django.contrib.sessions.middleware.SessionMiddleware",
-    "corsheaders.middleware.CorsMiddleware",
     "django.middleware.common.CommonMiddleware",
     "django.middleware.csrf.CsrfViewMiddleware",
     "django.contrib.auth.middleware.AuthenticationMiddleware",
     "django.contrib.messages.middleware.MessageMiddleware",
-    "django.middleware.clickjacking.XFrameOptionsMiddleware",
     "funkwhale_api.users.middleware.RecordActivityMiddleware",
 )
 
-- 
GitLab