Over the past couple days, I've made some more updates and polish to the PR. A couple people have looked at it, but some more eyes would be appreciated as it's hopefully now in a mergeable state. Thanks!
https://github.com/django/django/pull/3128 p.s. It uses flat, non-dict settings. We can continue the debate on other dict settings in another thread. On Tuesday, September 2, 2014 3:09:42 PM UTC-4, Carl Meyer wrote: > > On 09/01/2014 02:34 PM, Michael Manfre wrote: > > On Mon, Sep 1, 2014 at 2:12 PM, Aymeric Augustin > > <[email protected] <javascript:> > > <mailto:[email protected] <javascript:>>> wrote: > > > > If we recommend HSTS, we need visible warnings and a small duration > > in examples, for people who copy-paste without reading. > > > > > > The default duration should also be less than a day for the exact reason > > brought up. The visible warnings could state why it is a good idea to > > increase the duration, after it is tested in production. > > There is no default duration; the default is no HSTS at all. Tim has > updated the documentation to warn about the possible issues, and > recommend testing with a short duration before increasing. > > Carl > -- You received this message because you are subscribed to the Google Groups "Django developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/2831b58c-8e05-4efe-9710-f402e3780572%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
