From f0c6c7d308b8a87f408fa01a7f80d704edc28333 Mon Sep 17 00:00:00 2001
From: Tobias Schulmann <tobiasschulmann@catalyst.net.nz>
Date: Mon, 12 Dec 2016 12:23:09 +1300
Subject: [PATCH] Middleware changes: * Moved SessionMiddelware to end of
 middleware stack * Added CSRFMiddleware into stack

---
 ckan/config/middleware/pylons_app.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/ckan/config/middleware/pylons_app.py b/ckan/config/middleware/pylons_app.py
index 0a63e4fbd07..194bec67252 100644
--- a/ckan/config/middleware/pylons_app.py
+++ b/ckan/config/middleware/pylons_app.py
@@ -61,7 +61,7 @@ def make_pylons_stack(conf, full_stack=True, static_files=True,
     # we want to be able to retrieve the routes middleware to be able to update
     # the mapper.  We store it in the pylons config to allow this.
     config['routes.middleware'] = app
-    app = SessionMiddleware(app, config)
+
     app = CacheMiddleware(app, config)
 
     # CUSTOM MIDDLEWARE HERE (filtered by error handling middlewares)
@@ -130,6 +130,13 @@ def make_pylons_stack(conf, full_stack=True, static_files=True,
         who_parser.remote_user_key
     )
 
+    try:
+        from ckanext.security.middleware import CSRFMiddleware
+        app = CSRFMiddleware(app, config)
+    except ImportError:
+        pass
+    app = SessionMiddleware(app, config)
+
     # Establish the Registry for this application
     app = RegistryManager(app)