[1.10.x] Fixed docs to refer to HSTS includeSubdomains as a directive.
The spec refers to it as a 'directive' rather than a 'tag':
https://tools.ietf.org/html/rfc6797#section-6.1.2
Backport of 8c3bc5cd78 from master
parent c66f5d058a
commit 233ec837f6
|
@ -249,8 +249,8 @@ so that infrequent visitors will be protected (31536000 seconds, i.e. 1 year,
|
||||||
is common).
|
is common).
|
||||||
|
|
||||||
Additionally, if you set the :setting:`SECURE_HSTS_INCLUDE_SUBDOMAINS` setting
|
Additionally, if you set the :setting:`SECURE_HSTS_INCLUDE_SUBDOMAINS` setting
|
||||||
to ``True``, ``SecurityMiddleware`` will add the ``includeSubDomains`` tag to
|
to ``True``, ``SecurityMiddleware`` will add the ``includeSubDomains`` directive
|
||||||
the ``Strict-Transport-Security`` header. This is recommended (assuming all
|
to the ``Strict-Transport-Security`` header. This is recommended (assuming all
|
||||||
subdomains are served exclusively using HTTPS), otherwise your site may still
|
subdomains are served exclusively using HTTPS), otherwise your site may still
|
||||||
be vulnerable via an insecure connection to a subdomain.
|
be vulnerable via an insecure connection to a subdomain.
|
||||||
|
|
||||||
|
|
|
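Review bot: The sentence "This is recommended (assuming all subdomains are served exclusively using HTTPS), otherwise your site may still be vulnerable via an insecure connection to a subdomain." is a comma splice, and it leaves the precondition in parentheses. Since these lines are being rewrapped anyway, consider splitting it in two: one sentence giving the recommendation together with the HTTPS-only precondition, and a second stating the risk of leaving subdomains uncovered. The tag-to-directive wording matches the RFC 6797 section cited in the commit message.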
@ -2040,7 +2040,7 @@ already have it.
|
||||||
Default: ``False``
|
Default: ``False``
|
||||||
|
|
||||||
If ``True``, the :class:`~django.middleware.security.SecurityMiddleware` adds
|
If ``True``, the :class:`~django.middleware.security.SecurityMiddleware` adds
|
||||||
the ``includeSubDomains`` tag to the :ref:`http-strict-transport-security`
|
the ``includeSubDomains`` directive to the :ref:`http-strict-transport-security`
|
||||||
header. It has no effect unless :setting:`SECURE_HSTS_SECONDS` is set to a
|
header. It has no effect unless :setting:`SECURE_HSTS_SECONDS` is set to a
|
||||||
non-zero value.
|
non-zero value.
|
||||||
|
|
||||||
|
|
|
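Review bot: This settings entry says when ``includeSubDomains`` is added but not the precondition that the middleware paragraph earlier in this patch spells out, namely that all subdomains must be served exclusively using HTTPS. Someone reading only the settings reference sees "Default: ``False``" and the ``SECURE_HSTS_SECONDS`` dependency, with no hint of what to verify before enabling it. A one-sentence pointer to that precondition after "non-zero value." would close the gap.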
@ -83,7 +83,7 @@ class SecurityMiddlewareTest(SimpleTestCase):
|
||||||
"""
|
"""
|
||||||
With HSTS_SECONDS non-zero and HSTS_INCLUDE_SUBDOMAINS
|
With HSTS_SECONDS non-zero and HSTS_INCLUDE_SUBDOMAINS
|
||||||
True, the middleware adds a "strict-transport-security" header with the
|
True, the middleware adds a "strict-transport-security" header with the
|
||||||
"includeSubDomains" tag to the response.
|
"includeSubDomains" directive to the response.
|
||||||
"""
|
"""
|
||||||
response = self.process_response(secure=True)
|
response = self.process_response(secure=True)
|
||||||
self.assertEqual(response["strict-transport-security"], "max-age=600; includeSubDomains")
|
self.assertEqual(response["strict-transport-security"], "max-age=600; includeSubDomains")
|
||||||
|
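Review bot: The docstring still wraps right after HSTS_INCLUDE_SUBDOMAINS, so the value "True," sits alone at the start of the next line and the condition is easy to misread beside the sibling test, where the same position reads "False,". Rewrapping so that "HSTS_INCLUDE_SUBDOMAINS True" stays on one line would make the two cases easier to tell apart, and the same applies to the docstring in the following hunk. The assertion on "max-age=600; includeSubDomains" is untouched, so no behaviour change needs checking here.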
@ -94,7 +94,7 @@ class SecurityMiddlewareTest(SimpleTestCase):
|
||||||
"""
|
"""
|
||||||
With HSTS_SECONDS non-zero and HSTS_INCLUDE_SUBDOMAINS
|
With HSTS_SECONDS non-zero and HSTS_INCLUDE_SUBDOMAINS
|
||||||
False, the middleware adds a "strict-transport-security" header without
|
False, the middleware adds a "strict-transport-security" header without
|
||||||
the "includeSubDomains" tag to the response.
|
the "includeSubDomains" directive to the response.
|
||||||
"""
|
"""
|
||||||
response = self.process_response(secure=True)
|
response = self.process_response(secure=True)
|
||||||
self.assertEqual(response["strict-transport-security"], "max-age=600")
|
self.assertEqual(response["strict-transport-security"], "max-age=600")
|
||||||
|
|