Opened 5 years ago
Last modified 5 years ago
#30356 closed Bug
HSTS disabled in admin pages — at Initial Version
| Reported by: | ObserverOfTime | Owned by: | nobody |
|---|---|---|---|
| Component: | Uncategorized | Version: | 2.1 |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
I've made a site using Django v2.1.7 & nginx v1.10.3 and I've set the Strict-Transport-Security header in nginx:
add_header Strict-Transport-Security
"max-age=15768000; includeSubDomains; preload" always;
The header shows up as expected when querying any page, except for pages under /admin.
Not sure if this is a bug in Django or nginx, or if I messed something up.
Note:
See TracTickets
for help on using tickets.