id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
30356	HSTS disabled in admin pages	ObserverOfTime	nobody	"I've made a [https://arc-relight.site site] using {{{Django v2.1.7}}} & {{{nginx v1.10.3}}} and I've set the {{{Strict-Transport-Security}}} header in nginx:

{{{
add_header Strict-Transport-Security
        ""max-age=15768000; includeSubDomains; preload"" always;
}}}

The header shows up as expected when querying any page, except for pages under {{{/admin}}}.
Not sure if this is a bug in Django or nginx, or if I messed something up.

Update: turns out nginx was not inheriting the header in that path so it's not a Django bug."	Bug	closed	Uncategorized	2.1	Normal	invalid			Unreviewed	0	0	0	0	0	0