diff --git a/helios/security.py b/helios/security.py
index 116c013cbb80ddfd724a9ed70c4fef79dc856d8b..88dc6754d0bea4e046b6a3e2bb3f8e7c13bb63b5 100644
--- a/helios/security.py
+++ b/helios/security.py
@@ -22,11 +22,23 @@ import helios
 
 
 class HSTSMiddleware:
-    def process_response(self, request, response):
+    def __init__(self, get_response):
+        self.get_response = get_response
+        # One-time configuration and initialization.
+
+    def __call__(self, request):
+        # Code to be executed for each request before
+        # the view (and later middleware) are called.
+
+        response = self.get_response(request)
+
+        # Code to be executed for each request/response after
+        # the view is called.
+
         if settings.STS:
           response['Strict-Transport-Security'] = "max-age=31536000; includeSubDomains; preload"
         return response
-        
+
 # current voter
 def get_voter(request, user, election):
   """
diff --git a/settings.py b/settings.py
index 9b30ff5ab73dd8fd41b8aa8309e026d02e02776a..4cb3af7be0cb44dd945a0993f244f19e2b17a045 100644
--- a/settings.py
+++ b/settings.py
@@ -116,19 +116,20 @@ SECURE_CONTENT_TYPE_NOSNIFF = True
 
 SILENCED_SYSTEM_CHECKS = ['urls.W002']
 
-MIDDLEWARE_CLASSES = (
+MIDDLEWARE = [
     # make all things SSL
     #'sslify.middleware.SSLifyMiddleware',
 
     # secure a bunch of things
-    'djangosecure.middleware.SecurityMiddleware',
+    'django.middleware.security.SecurityMiddleware',
     'helios.security.HSTSMiddleware',
     'django.middleware.clickjacking.XFrameOptionsMiddleware',
+    # 'django.middleware.csrf.CsrfViewMiddleware',
 
     'django.middleware.common.CommonMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',
-    'django.contrib.auth.middleware.AuthenticationMiddleware'
-)
+    'django.contrib.auth.middleware.AuthenticationMiddleware',
+]
 
 ROOT_URLCONF = 'urls'
 
@@ -280,7 +281,7 @@ CELERY_TASK_ALWAYS_EAGER = True
 ROLLBAR_ACCESS_TOKEN = get_from_env('ROLLBAR_ACCESS_TOKEN', None)
 if ROLLBAR_ACCESS_TOKEN:
   print "setting up rollbar"
-  MIDDLEWARE_CLASSES += ('rollbar.contrib.django.middleware.RollbarNotifierMiddleware',)
+  MIDDLEWARE += ['rollbar.contrib.django.middleware.RollbarNotifierMiddleware',]
   ROLLBAR = {
     'access_token': ROLLBAR_ACCESS_TOKEN,
     'environment': 'development' if DEBUG else 'production',