Jody McIntyre 3138c2f

django-hstsmiddleware
=====================

Forces the use of `HTTPS` using `HTTP Strict Transport Security`
(HSTS).


Installation and Usage
----------------------

Install the package, add ``django_hstsmiddleware`` to
``settings.INSTALLED_APPS``, and add
``django_hstsmiddleware.middleware.HSTSMiddleware`` to the top of
``settings.MIDDLEWARE_CLASSES``.

The following Django settings control its default behaviour:

`settings.HSTS_REDIRECT_TO`:
    Specifies the URI to redirect a User Agent to, if it tries
    to use a non-secure connection. Responds with HTTP Moved
    Permanently.

    Defaults to ``None``, so no redirect occurs. Instead, responds
    with HTTP Bad Request.

`settings.HSTS_MAX_AGE`:
    The maximum number of seconds that a User Agent will remember
    that this server must be contacted over HTTPS.

    Defaults to ``31536000``, or approximately one year.

`settings.HSTS_INCLUDE_SUBDOMAINS`:
    If true, tells a User Agent that all subdomains must also be
    contacted over HTTPS, in addition to the current domain.

    Defaults to ``False``.
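
The documented behaviour of the three settings, modelled without Django as an added example (this is not the project's own code). The names ``Response``, ``sts_header_value`` and ``handle`` are hypothetical; leaving the header off non-secure responses and rejecting a non-``https://`` redirect target are assumptions that follow RFC 6797, not behaviour confirmed by this README.

```python
# Added illustration: models the behaviour the README documents, without Django.
# Setting names and defaults come from the README; function names are hypothetical.
from collections import namedtuple

Response = namedtuple("Response", "status headers")

DEFAULTS = {
    "HSTS_REDIRECT_TO": None,          # no redirect: answer 400 Bad Request
    "HSTS_MAX_AGE": 31536000,          # seconds, approximately one year
    "HSTS_INCLUDE_SUBDOMAINS": False,
}


def sts_header_value(max_age, include_subdomains):
    """Build the Strict-Transport-Security value (RFC 6797, section 6.1)."""
    if isinstance(max_age, bool) or not isinstance(max_age, int) or max_age < 0:
        raise ValueError("HSTS_MAX_AGE must be a non-negative integer of seconds")
    value = "max-age=%d" % max_age
    if include_subdomains:
        value += "; includeSubDomains"
    return value


def handle(is_secure, app_response, settings=None):
    """Return the response a client would see for a secure or non-secure request."""
    cfg = dict(DEFAULTS, **(settings or {}))
    if not is_secure:
        target = cfg["HSTS_REDIRECT_TO"]
        if target is None:
            return Response(400, {})
        # Assumption: a plain-HTTP target would defeat the purpose of the redirect.
        if not target.lower().startswith("https://"):
            raise ValueError("HSTS_REDIRECT_TO should be an https:// URI")
        # Assumption (RFC 6797, section 7.2): no STS header over non-secure transport.
        return Response(301, {"Location": target})
    headers = dict(app_response.headers)
    headers["Strict-Transport-Security"] = sts_header_value(
        cfg["HSTS_MAX_AGE"], cfg["HSTS_INCLUDE_SUBDOMAINS"])
    return Response(app_response.status, headers)
```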