Source

django_hstsmiddleware /

Filename Size Date modified Message
django_hstsmiddleware
62 B
1.5 KB
35 B
1.3 KB
770 B

Warning: TrustCentric is no longer actively maintaining this software.

We recommend django-secure: http://pypi.python.org/pypi/django-secure

django-hstsmiddleware

Forces the use of HTTPS using HTTP Strict Transport Security (HSTS).

Installation and Usage

Install the package, add django_hstsmiddleware to settings.INSTALLED_APPS, and add django_hstsmiddleware.middleware.HSTSMiddleware to the top of settings.MIDDLEWARE_CLASSES.

The following Django settings control its default behaviour:

settings.HSTS_REDIRECT_TO:

Specifies the URI to redirect a User Agent to, if it tries to use a non-secure connection. Responds with HTTP Moved Permanently.

Defaults to None, so no redirect occurs. Instead, responds with HTTP Bad Request.

settings.HSTS_MAX_AGE:

The maximum number of seconds that a User Agent will remember that this server must be contacted over HTTPS.

Defaults to 31536000, or approximately one year.

settings.HSTS_INCLUDE_SUBDOMAINS:

If true, tells a User Agent that all subdomains must also be contacted over HTTPS, in addition to the current domain.

Defaults to False