mirror of
https://github.com/django/django.git
synced 2025-06-05 11:39:13 +00:00
Added note about Strict Transport Security (HSTS)
This commit is contained in:
parent
cff911f4ba
commit
ba141e6906
@ -147,6 +147,14 @@ server, there are some additional steps you may need:
|
|||||||
any POST data being accepted over HTTP (which will be fine if you are
|
any POST data being accepted over HTTP (which will be fine if you are
|
||||||
redirecting all HTTP traffic to HTTPS).
|
redirecting all HTTP traffic to HTTPS).
|
||||||
|
|
||||||
|
* Use HTTP Strict Transport Security (HSTS)
|
||||||
|
|
||||||
|
HSTS is an HTTP header that informs a browser that all future connections
|
||||||
|
to a particular site should always use HTTPS. Combined with redirecting
|
||||||
|
requests over HTTP to HTTPS, this will ensure that connections always enjoy
|
||||||
|
the added security of SSL provided one successful connection has occurred.
|
||||||
|
HSTS is usually configured on the web server.
|
||||||
|
|
||||||
.. _additional-security-topics:
|
.. _additional-security-topics:
|
||||||
|
|
||||||
Host headers and virtual hosting
|
Host headers and virtual hosting
|
||||||
|
Loading…
x
Reference in New Issue
Block a user