Opened 6 years ago

Closed 6 years ago

Last modified 6 years ago

#30356 closed Bug (invalid)

HSTS disabled in admin pages — at Version 2

Reported by: ObserverOfTime Owned by: nobody
Component: Uncategorized Version: 2.1
Severity: Normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description (last modified by ObserverOfTime)

I've made a site using Django v2.1.7 & nginx v1.10.3 and I've set the Strict-Transport-Security header in nginx:

add_header Strict-Transport-Security
        "max-age=15768000; includeSubDomains; preload" always;

The header shows up as expected when querying any page, except for pages under /admin.
Not sure if this is a bug in Django or nginx, or if I messed something up.

Update: turns out nginx was not inheriting the header in that path so it's not a Django bug.

Change History (2)

comment:1 by Tim Graham, 6 years ago

Resolution: needsinfo
Status: newclosed

This ticket tracker isn't a support channel to debug issues. You need to investigate the problem yourself and explain why Django is at fault.

comment:2 by ObserverOfTime, 6 years ago

Description: modified (diff)
Note: See TracTickets for help on using tickets.
Back to Top