mirror of https://github.com/django/django.git
Clarified that SECURE_REDIRECT_EXEMPT patterns should not include leading slashes.
This commit is contained in:
parent
e7cdb0cd7e
commit
d232fd76a8
|
@ -2306,8 +2306,11 @@ available in ``request.META``.)
|
||||||
Default: ``[]`` (Empty list)
|
Default: ``[]`` (Empty list)
|
||||||
|
|
||||||
If a URL path matches a regular expression in this list, the request will not be
|
If a URL path matches a regular expression in this list, the request will not be
|
||||||
redirected to HTTPS. If :setting:`SECURE_SSL_REDIRECT` is ``False``, this
|
redirected to HTTPS. The
|
||||||
setting has no effect.
|
:class:`~django.middleware.security.SecurityMiddleware` strips leading slashes
|
||||||
|
from URL paths, so patterns shouldn't include them, e.g.
|
||||||
|
``SECURE_REDIRECT_EXEMPT = [r'^no-ssl/$', …]``. If
|
||||||
|
:setting:`SECURE_SSL_REDIRECT` is ``False``, this setting has no effect.
|
||||||
|
|
||||||
.. setting:: SECURE_REFERRER_POLICY
|
.. setting:: SECURE_REFERRER_POLICY
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue