#30356: HSTS disabled in admin pages
------------------------------------------+------------------------
Reporter: ObserverOfTime | Owner: nobody
Type: Bug | Status: new
Component: Uncategorized | Version: 2.1
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
------------------------------------------+------------------------
I've made a [https://arc-relight.site site] using {{{Django v2.1.7}}} &
{{{nginx v1.10.3}}} and I've set the {{{Strict-Transport-Security}}}
header in nginx:
{{{
add_header Strict-Transport-Security
"max-age=15768000; includeSubDomains; preload" always;
}}}
The header shows up as expected when querying any page, except for pages
under {{{/admin}}}.
Not sure if this is a bug in Django or nginx, or if I messed something up.
--
Ticket URL: <https://code.djangoproject.com/ticket/30356>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/057.b7a35aa656365edb85c2cd5658b7f68f%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
