#31980: manage.py check --deploy should not throw security.W004 warning if
SECURE_HSTS_SECONDS is explicitly set to 0
-------------------------------------+-------------------------------------
Reporter: magnus- | Owner: nobody
longva-bouvet |
Type: Bug | Status: new
Component: Core | Version: master
(Management commands) |
Severity: Normal | Keywords: check deploy
Triage Stage: | Has patch: 0
Unreviewed |
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 1
UI/UX: 0 |
-------------------------------------+-------------------------------------
If you run
{{{
manage.py check --deploy
}}}
on a Django project where you have explicitly set SECURE_HSTS_SECONDS = 0
in the settings file, you get a warning
{{{
?: (security.W004) You have not set a value for the SECURE_HSTS_SECONDS
setting. If your entire site is served only over SSL, you may want to
consider setting a value and enabling HTTP Strict Transport Security. Be
sure to read the documentation first; enabling HSTS carelessly can cause
serious, irreversible problems.
}}}
This warning should only appear if you have not specified
SECURE_HSTS_SECONDS anywhere.
--
Ticket URL: <https://code.djangoproject.com/ticket/31980>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/063.9e85c20af037f9c7e6edfcbb1abcbd22%40djangoproject.com.
