From fb98bca3f952a134565484be05b95c5151ef711c Mon Sep 17 00:00:00 2001
From: Adrian Utrilla <autrilla@mozilla.com>
Date: Mon, 29 Apr 2019 18:42:15 +0200
Subject: [PATCH] Apply Dockerflow middleware before security middleware

This ensures Dockerflow routes do not enforce security features such
as ALLOWED_HOSTS.
---
 buildhub/settings.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/buildhub/settings.py b/buildhub/settings.py
index d8c83d83..f700e33e 100644
--- a/buildhub/settings.py
+++ b/buildhub/settings.py
@@ -134,11 +134,11 @@ class Core(Configuration, AWS, CORS, Whitenoise, CSP, Backfill):
     ]
 
     MIDDLEWARE = [
+        "dockerflow.django.middleware.DockerflowMiddleware",
         "django.middleware.security.SecurityMiddleware",
         "corsheaders.middleware.CorsMiddleware",
         "django.middleware.common.CommonMiddleware",
         "django.middleware.clickjacking.XFrameOptionsMiddleware",
-        "dockerflow.django.middleware.DockerflowMiddleware",
         "csp.middleware.CSPMiddleware",
         "whitenoise.middleware.WhiteNoiseMiddleware",
         "buildhub.middleware.StatsMiddleware",