Implement HSTS to force the use of HTTPS.
Project description
Forces the use of HTTPS using HTTP Strict Transport Security (HSTS).
Installation and Usage
Install the package, add django_hstsmiddleware to settings.INSTALLED_APPS, and add django_hstsmiddleware.middleware.HSTSMiddleware to the top of settings.MIDDLEWARE_CLASSES.
The following Django settings control its default behaviour:
- settings.HSTS_REDIRECT_TO:
Specifies the URI to redirect a User Agent to, if it tries to use a non-secure connection. Responds with HTTP Moved Permanently.
Defaults to None, so no redirect occurs. Instead, responds with HTTP Bad Request.
- settings.HSTS_MAX_AGE:
The maximum number of seconds that a User Agent will remember that this server must be contacted over HTTPS.
Defaults to 31536000, or approximately one year.
- settings.HSTS_INCLUDE_SUBDOMAINS:
If true, tells a User Agent that all subdomains must also be contacted over HTTPS, in addition to the current domain.
Defaults to False
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Hashes for django-hstsmiddleware-1.0.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | e3c03c8d58909c2abc9059ca19a1451fd9fa659e39d14697abe5c9a4b0f7509a |
|
MD5 | 78d2a53d0659738c5ed46ef7687183cb |
|
BLAKE2b-256 | 4b62ac6c7d239c4955bc2e733dd592ae7775a43702d7fd47a2618b6e56b9b591 |