From 65cdcb1bc367dde16545e5904cd6ee4dd3bb57a6 Mon Sep 17 00:00:00 2001
From: Sunil Mohan Adapa
Date: Sun, 17 Aug 2014 19:29:31 +0530
Subject: [PATCH] Re-introduce Django CSRF middleware

It is a security issue not to include the Django CSRF middle. Also, since we don't have a reason to alter the Django middleware list and order, we should use the same list.
---
 plinth.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/plinth.py b/plinth.py
index f84d4b85a..18cc6e152 100755
--- plinth.py
+++ plinth.py
@@ -175,10 +175,12 @@ def configure_django():
 LOGIN_REDIRECT_URL='apps:index',
 LOGOUT_URL='lib:logout',
 MIDDLEWARE_CLASSES=(
- 'django.middleware.common.CommonMiddleware',
 'django.contrib.sessions.middleware.SessionMiddleware',
+ 'django.middleware.common.CommonMiddleware',
+ 'django.middleware.csrf.CsrfViewMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware',
 'django.contrib.messages.middleware.MessageMiddleware',
+ 'django.middleware.clickjacking.XFrameOptionsMiddleware',
 'modules.first_boot.middleware.FirstBootMiddleware',
 ),
 ROOT_URLCONF='urls',
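Review bot: Nothing in the new `MIDDLEWARE_CLASSES` tuple records why `django.middleware.csrf.CsrfViewMiddleware` is there, and since the commit message says it is being re-introduced, it was dropped once already and could be dropped again. A comment above the tuple such as `# Mirrors Django's default middleware list and order; CsrfViewMiddleware and XFrameOptionsMiddleware are security controls, do not remove.` would guard against that, ideally backed by a test asserting both entries are present in the configured settings. With the middleware active, unsafe-method requests without a valid token are rejected with a 403, so the templates and views (not visible in this hunk) should be checked for `{% csrf_token %}` in every POST form and for any `csrf_exempt` usage. `XFrameOptionsMiddleware` falls back to `SAMEORIGIN` when `X_FRAME_OPTIONS` is unset; if the interface is never meant to be framed, passing `X_FRAME_OPTIONS='DENY'` in this same call would be tighter. `configure_django()` starts and ends outside the hunk, so other settings there may already cover part of this.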