On 2014-04-24 17:55, Mike Dewhirst wrote: > I suppose it depends on your site. In my case it was Apache rather > than nginx and pretty much all I had to do was establish a redirect > so any url with http://blah.blah went to https://... instead.
If you're redirecting to HTTPS regardless of the URL used and never serving content over HTTP(nonS), you might want to include HSTS headers to allow the browser to cache your redirect for a specified age. You can read up at http://en.wikipedia.org/wiki/Strict_Transport_Security and it's as simple as including one header in your response, and then the browser knows that, even if the user types "http://example.com"; the browser should automatically change that to be "https://example.com"; even without talking to the server. -tkc -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/20140424074330.11fecc68%40bigbox.christie.dr. For more options, visit https://groups.google.com/d/optout.
