From f39793b3ac5fbcdadb9627ce1edc3c9773b729d6 Mon Sep 17 00:00:00 2001
From: jakedt
Date: Tue, 25 Mar 2014 15:37:58 -0400
Subject: [PATCH] Check CSRF after processing the oauth token.
---
 endpoints/api/__init__.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/endpoints/api/__init__.py b/endpoints/api/__init__.py
index f45ac1127..3e02e923f 100644
--- a/endpoints/api/__init__.py
+++ b/endpoints/api/__init__.py
@@ -25,8 +25,8 @@ logger = logging.getLogger(__name__)
 api_bp = Blueprint('api', __name__)
 api = Api()
 api.init_app(api_bp)
-api.decorators = [process_oauth,
- csrf_protect,
+api.decorators = [csrf_protect,
+ process_oauth,
 crossdomain(origin='*', headers=['Authorization', 'Content-Type'])]
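Review bot: The order of `api.decorators` is now security-critical, but nothing in the file says so and the list reads backwards: assuming `Api` is Flask-RESTful's, decorators are applied in list order, so the first entry is the innermost wrapper and `csrf_protect`, listed first, actually runs last, after `process_oauth`. I would add a comment directly above the assignment, e.g. `# Applied in list order, so the LAST entry runs first: crossdomain -> process_oauth -> csrf_protect -> view.` followed by `# Keep csrf_protect before process_oauth in this list so the CSRF check sees the processed OAuth context.` Neither decorator's body is visible in this hunk, so it is worth confirming that `csrf_protect` skips its check only for a token `process_oauth` has actually validated and not for the mere presence of an `Authorization` header, since `crossdomain(origin='*', ...)` appears to allow that header from any origin. A regression test asserting that a cookie-session POST without a CSRF token is still rejected would pin the ordering against a later reshuffle.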