p31829507
/
django
mirror of https://github.com/django/django.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Added note about Strict Transport Security (HSTS)

This commit is contained in:
David Fischer 2012-09-06 15:13:31 -04:00
parent cff911f4ba
commit ba141e6906
No known key found for this signature in database
GPG Key ID: F0C9B0ADA737AB60
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
docs/topics/security.txt
View File

@ -147,6 +147,14 @@ server, there are some additional steps you may need:
any POST data being accepted over HTTP (which will be fine if you are
redirecting all HTTP traffic to HTTPS).
* Use HTTP Strict Transport Security (HSTS)
HSTS is an HTTP header that informs a browser that all future connections
to a particular site should always use HTTPS. Combined with redirecting
requests over HTTP to HTTPS, this will ensure that connections always enjoy
the added security of SSL provided one successful connection has occurred.
HSTS is usually configured on the web server.
.. _additional-security-topics:
Host headers and virtual hosting