#31980: manage.py check --deploy should not throw security.W004 warning if SECURE_HSTS_SECONDS is explicitly set to 0 -------------------------------------+------------------------------------- Reporter: magnus- | Owner: nobody longva-bouvet | Type: Bug | Status: new Component: Core | Version: master (Management commands) | Severity: Normal | Keywords: check deploy Triage Stage: | Has patch: 0 Unreviewed | Needs documentation: 0 | Needs tests: 0 Patch needs improvement: 0 | Easy pickings: 1 UI/UX: 0 | -------------------------------------+------------------------------------- If you run {{{ manage.py check --deploy }}} on a Django project where you have explicitly set SECURE_HSTS_SECONDS = 0 in the settings file, you get a warning
{{{ ?: (security.W004) You have not set a value for the SECURE_HSTS_SECONDS setting. If your entire site is served only over SSL, you may want to consider setting a value and enabling HTTP Strict Transport Security. Be sure to read the documentation first; enabling HSTS carelessly can cause serious, irreversible problems. }}} This warning should only appear if you have not specified SECURE_HSTS_SECONDS anywhere. -- Ticket URL: <https://code.djangoproject.com/ticket/31980> Django <https://code.djangoproject.com/> The Web framework for perfectionists with deadlines. -- You received this message because you are subscribed to the Google Groups "Django updates" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-updates+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/063.9e85c20af037f9c7e6edfcbb1abcbd22%40djangoproject.com.