From c57f1ac606de05eccf442a8350332014355dd115 Mon Sep 17 00:00:00 2001
From: Marco Ciotola <848222@stud.unive.it>
Date: Thu, 7 Mar 2019 23:05:28 +0100
Subject: [PATCH] [DJ2] Update HSTS Middleware to latest definition

---
 helios/security.py | 16 ++++++++++++++--
 settings.py        | 11 ++++++-----
 2 files changed, 20 insertions(+), 7 deletions(-)

diff --git a/helios/security.py b/helios/security.py
index 116c013..88dc675 100644
--- a/helios/security.py
+++ b/helios/security.py
@@ -22,11 +22,23 @@ import helios
 
 
 class HSTSMiddleware:
-    def process_response(self, request, response):
+    def __init__(self, get_response):
+        self.get_response = get_response
+        # One-time configuration and initialization.
+
+    def __call__(self, request):
+        # Code to be executed for each request before
+        # the view (and later middleware) are called.
+
+        response = self.get_response(request)
+
+        # Code to be executed for each request/response after
+        # the view is called.
+
         if settings.STS:
           response['Strict-Transport-Security'] = "max-age=31536000; includeSubDomains; preload"
         return response
-        
+
 # current voter
 def get_voter(request, user, election):
   """
diff --git a/settings.py b/settings.py
index 9b30ff5..4cb3af7 100644
--- a/settings.py
+++ b/settings.py
@@ -116,19 +116,20 @@ SECURE_CONTENT_TYPE_NOSNIFF = True
 
 SILENCED_SYSTEM_CHECKS = ['urls.W002']
 
-MIDDLEWARE_CLASSES = (
+MIDDLEWARE = [
     # make all things SSL
     #'sslify.middleware.SSLifyMiddleware',
 
     # secure a bunch of things
-    'djangosecure.middleware.SecurityMiddleware',
+    'django.middleware.security.SecurityMiddleware',
     'helios.security.HSTSMiddleware',
     'django.middleware.clickjacking.XFrameOptionsMiddleware',
+    # 'django.middleware.csrf.CsrfViewMiddleware',
 
     'django.middleware.common.CommonMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',
-    'django.contrib.auth.middleware.AuthenticationMiddleware'
-)
+    'django.contrib.auth.middleware.AuthenticationMiddleware',
+]
 
 ROOT_URLCONF = 'urls'
 
@@ -280,7 +281,7 @@ CELERY_TASK_ALWAYS_EAGER = True
 ROLLBAR_ACCESS_TOKEN = get_from_env('ROLLBAR_ACCESS_TOKEN', None)
 if ROLLBAR_ACCESS_TOKEN:
   print "setting up rollbar"
-  MIDDLEWARE_CLASSES += ('rollbar.contrib.django.middleware.RollbarNotifierMiddleware',)
+  MIDDLEWARE += ['rollbar.contrib.django.middleware.RollbarNotifierMiddleware',]
   ROLLBAR = {
     'access_token': ROLLBAR_ACCESS_TOKEN,
     'environment': 'development' if DEBUG else 'production',  
-- 
GitLab