mirror of https://github.com/django/django.git (synced 2025-10-26 15:16:09 +00:00)
			
		
		
		
	[1.10.x] Fixed docs to refer to HSTS includeSubdomains as a directive.
The spec refers to it as a 'directive' rather than a 'tag':
https://tools.ietf.org/html/rfc6797#section-6.1.2
Backport of 8c3bc5cd78 from master
			
			
		| @@ -249,8 +249,8 @@ so that infrequent visitors will be protected (31536000 seconds, i.e. 1 year, | ||||
| is common). | ||||
|  | ||||
| Additionally, if you set the :setting:`SECURE_HSTS_INCLUDE_SUBDOMAINS` setting | ||||
| to ``True``, ``SecurityMiddleware`` will add the ``includeSubDomains`` tag to | ||||
| the ``Strict-Transport-Security`` header. This is recommended (assuming all | ||||
| to ``True``, ``SecurityMiddleware`` will add the ``includeSubDomains`` directive | ||||
| to the ``Strict-Transport-Security`` header. This is recommended (assuming all | ||||
| subdomains are served exclusively using HTTPS), otherwise your site may still | ||||
| be vulnerable via an insecure connection to a subdomain. | ||||
|  | ||||
|   | ||||
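Review bot: The reworded sentence ("will add the ``includeSubDomains`` directive to the ``Strict-Transport-Security`` header") adopts the RFC's term, but nothing in the visible paragraph points the reader to where that term is defined; the reference to RFC 6797 section 6.1.2 appears only in the commit message. Consider linking that section from this paragraph, for example with the Sphinx ``:rfc:`` role, so the wording stays tied to the spec.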
| @@ -2040,7 +2040,7 @@ already have it. | ||||
| Default: ``False`` | ||||
|  | ||||
| If ``True``, the :class:`~django.middleware.security.SecurityMiddleware` adds | ||||
| the ``includeSubDomains`` tag to the :ref:`http-strict-transport-security` | ||||
| the ``includeSubDomains`` directive to the :ref:`http-strict-transport-security` | ||||
| header. It has no effect unless :setting:`SECURE_HSTS_SECONDS` is set to a | ||||
| non-zero value. | ||||
|  | ||||
|   | ||||
| @@ -83,7 +83,7 @@ class SecurityMiddlewareTest(SimpleTestCase): | ||||
|         """ | ||||
|         With HSTS_SECONDS non-zero and HSTS_INCLUDE_SUBDOMAINS | ||||
|         True, the middleware adds a "strict-transport-security" header with the | ||||
|         "includeSubDomains" tag to the response. | ||||
|         "includeSubDomains" directive to the response. | ||||
|         """ | ||||
|         response = self.process_response(secure=True) | ||||
|         self.assertEqual(response["strict-transport-security"], "max-age=600; includeSubDomains") | ||||
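Review bot: The docstring edited here still abbreviates the settings as HSTS_SECONDS and HSTS_INCLUDE_SUBDOMAINS, while the documentation hunks in this same patch use the full names SECURE_HSTS_SECONDS and SECURE_HSTS_INCLUDE_SUBDOMAINS. Since the docstring is already being touched for terminology, spelling out the SECURE_ prefix would let it be matched against the settings reference by a plain search. The docstring in the following hunk has the same abbreviation, and for a backport the change would belong in the master commit first.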
| @@ -94,7 +94,7 @@ class SecurityMiddlewareTest(SimpleTestCase): | ||||
|         """ | ||||
|         With HSTS_SECONDS non-zero and HSTS_INCLUDE_SUBDOMAINS | ||||
|         False, the middleware adds a "strict-transport-security" header without | ||||
|         the "includeSubDomains" tag to the response. | ||||
|         the "includeSubDomains" directive to the response. | ||||
|         """ | ||||
|         response = self.process_response(secure=True) | ||||
|         self.assertEqual(response["strict-transport-security"], "max-age=600") | ||||
|   | ||||