#31980: manage.py check --deploy should not throw security.W004 warning if
SECURE_HSTS_SECONDS is explicitly set to 0
-------------------------------------+-------------------------------------
Reporter: magnus- | Owner: nobody
longva-bouvet |
Type: Bug | Status: new
Component: Core | Version: master
(Management commands) |
Severity: Normal | Keywords: check deploy
Triage Stage: | Has patch: 0
Unreviewed |
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 1
UI/UX: 0 |
-------------------------------------+-------------------------------------
If you run
{{{
manage.py check --deploy
}}}
on a Django project where you have explicitly set SECURE_HSTS_SECONDS = 0
in the settings file, you get a warning
{{{
?: (security.W004) You have not set a value for the SECURE_HSTS_SECONDS
setting. If your entire site is served only over SSL, you may want to
consider setting a value and enabling HTTP Strict Transport Security. Be
sure to read the documentation first; enabling HSTS carelessly can cause
serious, irreversible problems.
}}}
This warning should only appear if you have not specified
SECURE_HSTS_SECONDS anywhere.
--
Ticket URL: <https://code.djangoproject.com/ticket/31980>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/063.9e85c20af037f9c7e6edfcbb1abcbd22%40djangoproject.com.
