Move Rack::Attack and Rack::Cors middlewares to be before Warden::Manager

author: Nick Thomas <nick@gitlab.com> 2016-09-22 13:20:17 +0100
committer: Nick Thomas <nick@gitlab.com> 2016-09-26 13:05:01 +0100
commit: ae5831500a953528ec79a87f1da52ced014f74d7 (patch)
tree: 1b19bc513b58bcb361a7f413659991d6a33896ba /config/application.rb
parent: fca610e5cbf5382f3814120227a0ca11440c8a9f (diff)
download: gitlab-ce-ae5831500a953528ec79a87f1da52ced014f74d7.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/config/application.rb b/config/application.rb
index 4792f6670a8..4f04687a5e4 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -99,10 +99,10 @@ module Gitlab
 
     config.action_view.sanitized_allowed_protocols = %w(smb)
 
-    config.middleware.use Rack::Attack
+    config.middleware.insert_before Warden::Manager, Rack::Attack
 
     # Allow access to GitLab API from other domains
-    config.middleware.use Rack::Cors do
+    config.middleware.insert_before Warden::Manager, Rack::Cors do
       allow do
         origins '*'
         resource '/api/*',
author	Nick Thomas <nick@gitlab.com>	2016-09-22 13:20:17 +0100
committer	Nick Thomas <nick@gitlab.com>	2016-09-26 13:05:01 +0100
commit	ae5831500a953528ec79a87f1da52ced014f74d7 (patch)
tree	1b19bc513b58bcb361a7f413659991d6a33896ba /config/application.rb
parent	fca610e5cbf5382f3814120227a0ca11440c8a9f (diff)
download	gitlab-ce-ae5831500a953528ec79a87f1da52ced014f74d7.tar.gz