test0908
/
django
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fixed docs to refer to HSTS includeSubdomains as a directive. 

The spec refers to it as a 'directive' rather than a 'tag':
https://tools.ietf.org/html/rfc6797#section-6.1.2
This commit is contained in:
Ed Morley 2016-07-28 17:30:16 +01:00 committed by Tim Graham
parent 004ba05bca
commit 8c3bc5cd78
3 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
docs/ref/middleware.txt
View File

@ -255,8 +255,8 @@ so that infrequent visitors will be protected (31536000 seconds, i.e. 1 year,
is common). is common).
Additionally, if you set the :setting:`SECURE_HSTS_INCLUDE_SUBDOMAINS` setting Additionally, if you set the :setting:`SECURE_HSTS_INCLUDE_SUBDOMAINS` setting
to ``True``, ``SecurityMiddleware`` will add the ``includeSubDomains`` tag to to ``True``, ``SecurityMiddleware`` will add the ``includeSubDomains`` directive
the ``Strict-Transport-Security`` header. This is recommended (assuming all to the ``Strict-Transport-Security`` header. This is recommended (assuming all
subdomains are served exclusively using HTTPS), otherwise your site may still subdomains are served exclusively using HTTPS), otherwise your site may still
be vulnerable via an insecure connection to a subdomain. be vulnerable via an insecure connection to a subdomain.

2
docs/ref/settings.txt
View File

@ -2053,7 +2053,7 @@ already have it.
Default: ``False`` Default: ``False``
If ``True``, the :class:`~django.middleware.security.SecurityMiddleware` adds If ``True``, the :class:`~django.middleware.security.SecurityMiddleware` adds
the ``includeSubDomains`` tag to the :ref:`http-strict-transport-security` the ``includeSubDomains`` directive to the :ref:`http-strict-transport-security`
header. It has no effect unless :setting:`SECURE_HSTS_SECONDS` is set to a header. It has no effect unless :setting:`SECURE_HSTS_SECONDS` is set to a
non-zero value. non-zero value.

4
tests/middleware/test_security.py
View File

@ -83,7 +83,7 @@ class SecurityMiddlewareTest(SimpleTestCase):
""" """
With HSTS_SECONDS non-zero and HSTS_INCLUDE_SUBDOMAINS With HSTS_SECONDS non-zero and HSTS_INCLUDE_SUBDOMAINS
True, the middleware adds a "strict-transport-security" header with the True, the middleware adds a "strict-transport-security" header with the
"includeSubDomains" tag to the response. "includeSubDomains" directive to the response.
""" """
response = self.process_response(secure=True) response = self.process_response(secure=True)
self.assertEqual(response["strict-transport-security"], "max-age=600; includeSubDomains") self.assertEqual(response["strict-transport-security"], "max-age=600; includeSubDomains")
@ -94,7 +94,7 @@ class SecurityMiddlewareTest(SimpleTestCase):
""" """
With HSTS_SECONDS non-zero and HSTS_INCLUDE_SUBDOMAINS With HSTS_SECONDS non-zero and HSTS_INCLUDE_SUBDOMAINS
False, the middleware adds a "strict-transport-security" header without False, the middleware adds a "strict-transport-security" header without
the "includeSubDomains" tag to the response. the "includeSubDomains" directive to the response.
""" """
response = self.process_response(secure=True) response = self.process_response(secure=True)
self.assertEqual(response["strict-transport-security"], "max-age=600") self.assertEqual(response["strict-transport-security"], "max-age=600")