Fix CORS to work with other middleware

battlecode · Nov 14, 2022 · 98c5b87 · 98c5b87
1 parent 10e6eb5
commit 98c5b87
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/backend/siarnaq/settings.py b/backend/siarnaq/settings.py
@@ -57,14 +57,15 @@
 ]
 
 MIDDLEWARE = [
+    # Place CORS first. See https://stackoverflow.com/a/45376281
+    "corsheaders.middleware.CorsMiddleware",
     "django.middleware.security.SecurityMiddleware",
     "django.contrib.sessions.middleware.SessionMiddleware",
     "django.middleware.common.CommonMiddleware",
     "django.middleware.csrf.CsrfViewMiddleware",
     "django.contrib.auth.middleware.AuthenticationMiddleware",
     "django.contrib.messages.middleware.MessageMiddleware",
     "django.middleware.clickjacking.XFrameOptionsMiddleware",
-    "corsheaders.middleware.CorsMiddleware",
 ]
 
 CORS_ORIGIN_ALLOW_ALL = True