Implement HSTS to force the use of HTTPS.
Project description
Forces the use of HTTPS using HTTP Strict Transport Security (HSTS).
Installation and Usage
Install the package, add django_hstsmiddleware to settings.INSTALLED_APPS, and add django_hstsmiddleware.middleware.HSTSMiddleware to the top of settings.MIDDLEWARE_CLASSES.
The following Django settings control its default behaviour:
- settings.HSTS_REDIRECT_TO:
Specifies the URI to redirect a User Agent to, if it tries to use a non-secure connection. Responds with HTTP Moved Permanently.
Defaults to None, so no redirect occurs. Instead, responds with HTTP Bad Request.
- settings.HSTS_MAX_AGE:
The maximum number of seconds that a User Agent will remember that this server must be contacted over HTTPS.
Defaults to 31536000, or approximately one year.
- settings.HSTS_INCLUDE_SUBDOMAINS:
If true, tells a User Agent that all subdomains must also be contacted over HTTPS, in addition to the current domain.
Defaults to False
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
File details
Details for the file django-hstsmiddleware-1.0.tar.gz.
File metadata
- Download URL: django-hstsmiddleware-1.0.tar.gz
- Upload date:
- Size: 5.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | e3c03c8d58909c2abc9059ca19a1451fd9fa659e39d14697abe5c9a4b0f7509a |
|
| MD5 | 78d2a53d0659738c5ed46ef7687183cb |
|
| BLAKE2b-256 | 4b62ac6c7d239c4955bc2e733dd592ae7775a43702d7fd47a2618b6e56b9b591 |
