#30356 closed Bug (invalid)
HSTS disabled in admin pages
| Reported by: | ObserverOfTime | Owned by: | nobody |
|---|---|---|---|
| Component: | Uncategorized | Version: | 2.1 |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description (last modified by )
I've made a site using Django v2.1.7 & nginx v1.10.3 and I've set the Strict-Transport-Security header in nginx:
add_header Strict-Transport-Security
"max-age=15768000; includeSubDomains; preload" always;
The header shows up as expected when querying any page, except for pages under /admin.
Not sure if this is a bug in Django or nginx, or if I messed something up.
Update: turns out nginx was not inheriting the header in that path so it's not a Django bug.
Change History (3)
comment:1 by , 5 years ago
| Resolution: | → needsinfo |
|---|---|
| Status: | new → closed |
comment:2 by , 5 years ago
| Description: | modified (diff) |
|---|
comment:3 by , 5 years ago
| Resolution: | needsinfo → invalid |
|---|
Note:
See TracTickets
for help on using tickets.
This ticket tracker isn't a support channel to debug issues. You need to investigate the problem yourself and explain why Django is at fault.