首頁 探索 說明
登入
CityApper
/
django
镜像来自 https://github.com/django/django
2
0
複刻 0
Files 問題管理 0 Wiki
瀏覽代碼

Fixed docs to refer to HSTS includeSubdomains as a directive.

The spec refers to it as a 'directive' rather than a 'tag':
https://tools.ietf.org/html/rfc6797#section-6.1.2
Ed Morley 8 年之前
父節點
004ba05bca
當前提交
8c3bc5cd78
共有 3 個文件被更改,包括 5 次插入5 次删除
分割檢視 顯示文件統計
  1. 2 2
      docs/ref/middleware.txt
  2. 1 1
      docs/ref/settings.txt
  3. 2 2
      tests/middleware/test_security.py

+ 2 - 2
docs/ref/middleware.txt
查看文件 

@@ -255,8 +255,8 @@ so that infrequent visitors will be protected (31536000 seconds, i.e. 1 year,
 
 is common).
 
 
 Additionally, if you set the :setting:`SECURE_HSTS_INCLUDE_SUBDOMAINS` setting
 
-to ``True``, ``SecurityMiddleware`` will add the ``includeSubDomains`` tag to
 
-the ``Strict-Transport-Security`` header. This is recommended (assuming all
 
+to ``True``, ``SecurityMiddleware`` will add the ``includeSubDomains`` directive
 
+to the ``Strict-Transport-Security`` header. This is recommended (assuming all
 
 subdomains are served exclusively using HTTPS), otherwise your site may still
 
 be vulnerable via an insecure connection to a subdomain.

+ 1 - 1
docs/ref/settings.txt
查看文件 

@@ -2053,7 +2053,7 @@ already have it.
 
 Default: ``False``
 
 
 If ``True``, the :class:`~django.middleware.security.SecurityMiddleware` adds
 
-the ``includeSubDomains`` tag to the :ref:`http-strict-transport-security`
 
+the ``includeSubDomains`` directive to the :ref:`http-strict-transport-security`
 
 header. It has no effect unless :setting:`SECURE_HSTS_SECONDS` is set to a
 
 non-zero value.

+ 2 - 2
tests/middleware/test_security.py
查看文件 

@@ -83,7 +83,7 @@ class SecurityMiddlewareTest(SimpleTestCase):
 
         """
 
         With HSTS_SECONDS non-zero and HSTS_INCLUDE_SUBDOMAINS
 
         True, the middleware adds a "strict-transport-security" header with the
 
-        "includeSubDomains" tag to the response.
 
+        "includeSubDomains" directive to the response.
 
         """
 
         response = self.process_response(secure=True)
 
         self.assertEqual(response["strict-transport-security"], "max-age=600; includeSubDomains")
 
@@ -94,7 +94,7 @@ class SecurityMiddlewareTest(SimpleTestCase):
 
         """
 
         With HSTS_SECONDS non-zero and HSTS_INCLUDE_SUBDOMAINS
 
         False, the middleware adds a "strict-transport-security" header without
 
-        the "includeSubDomains" tag to the response.
 
+        the "includeSubDomains" directive to the response.
 
         """
 
         response = self.process_response(secure=True)
 
         self.assertEqual(response["strict-transport-security"], "max-age=600")