From ae5831500a953528ec79a87f1da52ced014f74d7 Mon Sep 17 00:00:00 2001
From: Nick Thomas <nick@gitlab.com>
Date: Thu, 22 Sep 2016 13:20:17 +0100
Subject: Move Rack::Attack and Rack::Cors middlewares to be before
 Warden::Manager

---
 config/application.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'config/application.rb')

diff --git a/config/application.rb b/config/application.rb
index 4792f6670a8..4f04687a5e4 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -99,10 +99,10 @@ module Gitlab
 
     config.action_view.sanitized_allowed_protocols = %w(smb)
 
-    config.middleware.use Rack::Attack
+    config.middleware.insert_before Warden::Manager, Rack::Attack
 
     # Allow access to GitLab API from other domains
-    config.middleware.use Rack::Cors do
+    config.middleware.insert_before Warden::Manager, Rack::Cors do
       allow do
         origins '*'
         resource '/api/*',
-- 
cgit v1.2.1