Over the past couple days, I've made some more updates and polish to the PR. A couple people have looked at it, but some more eyes would be appreciated as it's hopefully now in a mergeable state. Thanks!
https://github.com/django/django/pull/3128

p.s. It uses flat, non-dict settings. We can continue the debate on other dict settings in another thread.

On Tuesday, September 2, 2014 3:09:42 PM UTC-4, Carl Meyer wrote:
>
> On 09/01/2014 02:34 PM, Michael Manfre wrote:
> > On Mon, Sep 1, 2014 at 2:12 PM, Aymeric Augustin
> > <aymeric....@polytechnique.org
> > <mailto:aymeric....@polytechnique.org>> wrote:
> >
> >     If we recommend HSTS, we need visible warnings and a small duration
> >     in examples, for people who copy-paste without reading.
> >
> >
> > The default duration should also be less than a day for the exact reason
> > brought up. The visible warnings could state why it is a good idea to
> > increase the duration, after it is tested in production.
>
> There is no default duration; the default is no HSTS at all. Tim has
> updated the documentation to warn about the possible issues, and
> recommend testing with a short duration before increasing.
>
> Carl
>

--
You received this message because you are subscribed to the Google Groups "Django developers" group.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/2831b58c-8e05-4efe-9710-f402e3780572%40googlegroups.com.