[Django] #30356: HSTS disabled in admin pages


Django

Apr 12, 2019, 5:08:15 AM
to django-...@googlegroups.com
#30356: HSTS disabled in admin pages
------------------------------------------+------------------------
Reporter: ObserverOfTime | Owner: nobody
Type: Bug | Status: new
Component: Uncategorized | Version: 2.1
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
------------------------------------------+------------------------
I've made a [https://arc-relight.site site] using {{{Django v2.1.7}}} &
{{{nginx v1.10.3}}} and I've set the {{{Strict-Transport-Security}}}
header in nginx:

{{{
add_header Strict-Transport-Security
"max-age=15768000; includeSubDomains; preload" always;
}}}

The header shows up as expected when querying any page, except for pages
under {{{/admin}}}.
Not sure if this is a bug in Django or nginx, or if I messed something up.

--
Ticket URL: <https://code.djangoproject.com/ticket/30356>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

Django

Apr 12, 2019, 6:03:52 AM
to django-...@googlegroups.com
#30356: HSTS disabled in admin pages
--------------------------------+--------------------------------------
Reporter: ObserverOfTime | Owner: nobody
Type: Bug | Status: closed
Component: Uncategorized | Version: 2.1
Severity: Normal | Resolution: needsinfo
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
--------------------------------+--------------------------------------
Changes (by Tim Graham):

* status: new => closed
* resolution: => needsinfo


Comment:

This ticket tracker isn't a [wiki:TicketClosingReasons/UseSupportChannels
support channel] to debug issues. You need to investigate the problem
yourself and explain why Django is at fault.

--
Ticket URL: <https://code.djangoproject.com/ticket/30356#comment:1>

Django

Apr 12, 2019, 11:07:24 AM
to django-...@googlegroups.com
#30356: HSTS disabled in admin pages
--------------------------------+--------------------------------------
Reporter: ObserverOfTime | Owner: nobody
Type: Bug | Status: closed
Component: Uncategorized | Version: 2.1
Severity: Normal | Resolution: needsinfo
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
--------------------------------+--------------------------------------
Description changed by ObserverOfTime:

Old description:

> I've made a [https://arc-relight.site site] using {{{Django v2.1.7}}} &
> {{{nginx v1.10.3}}} and I've set the {{{Strict-Transport-Security}}}
> header in nginx:
>
> {{{
> add_header Strict-Transport-Security
> "max-age=15768000; includeSubDomains; preload" always;
> }}}
>
> The header shows up as expected when querying any page, except for pages
> under {{{/admin}}}.
> Not sure if this is a bug in Django or nginx, or if I messed something
> up.

New description:

I've made a [https://arc-relight.site site] using {{{Django v2.1.7}}} &
{{{nginx v1.10.3}}} and I've set the {{{Strict-Transport-Security}}}
header in nginx:

{{{
add_header Strict-Transport-Security
"max-age=15768000; includeSubDomains; preload" always;
}}}

The header shows up as expected when querying any page, except for pages
under {{{/admin}}}.
Not sure if this is a bug in Django or nginx, or if I messed something up.

Update: turns out nginx was not inheriting the header in that path so it's
not a Django bug.

--
Ticket URL: <https://code.djangoproject.com/ticket/30356#comment:2>
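
The update above puts the cause in nginx inheritance: nginx documents that `add_header` directives are inherited from the enclosing level only when the current level defines none of its own, so a `location` that adds any header drops a server-level HSTS header. The check below is an added example, not code from the ticket, Django or nginx. It assumes the `/admin` location set its own `add_header` (the ticket does not show the config), uses a constructed sample config, and relies on a simplified parser that ignores `include` files.

```python
import re

# Constructed sample, not the reporter's file. Assumption: /admin sets its own
# add_header, which stops inheritance of the server-level HSTS header.
SAMPLE_CONF = '''
server {
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" always;
    location / { proxy_pass http://127.0.0.1:8000; }
    location /admin {
        add_header X-Frame-Options DENY always;   # replaces the inherited set
    }
    location /fixed {   # corrected form: repeat HSTS next to the local header
        add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" always;
        add_header X-Frame-Options DENY always;
    }
}
'''
TOKEN = re.compile(r'"[^"]*"|\'[^\']*\'|#[^\n]*|[{};]|[^\s{};"\']+')

def parse(conf):
    """Build a block tree; each block records the add_header names it sets."""
    root = {'name': 'main', 'own': [], 'kids': []}
    stack, words = [root], []
    for tok in (t for t in TOKEN.findall(conf) if t[0] != '#'):  # skip comments
        if tok not in ('{', '}', ';'):
            words.append(tok)
            continue
        if tok == '{':
            stack.append({'name': ' '.join(words), 'own': [], 'kids': []})
            stack[-2]['kids'].append(stack[-1])
        elif tok == '}':
            stack.pop()
        elif words[:1] == ['add_header'] and len(words) > 1:
            stack[-1]['own'].append(words[1].lower())
        words = []
    return root

def effective(block, inherited=(), out=None):
    out = {} if out is None else out
    eff = block['own'] or list(inherited)  # own add_header replaces, never merges
    out[block['name']] = eff
    for kid in block['kids']:
        effective(kid, eff, out)
    return out

def missing_hsts(conf):
    """Names of location blocks whose effective header set lacks HSTS."""
    return sorted(n for n, h in effective(parse(conf)).items()
                  if n.startswith('location') and 'strict-transport-security' not in h)
```

On the sample, `missing_hsts(SAMPLE_CONF)` reports only `location /admin`; `location /` inherits the header and `location /fixed` repeats it.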

Django

Apr 12, 2019, 12:32:12 PM
to django-...@googlegroups.com
#30356: HSTS disabled in admin pages
--------------------------------+--------------------------------------
Reporter: ObserverOfTime | Owner: nobody
Type: Bug | Status: closed
Component: Uncategorized | Version: 2.1
Severity: Normal | Resolution: invalid
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
--------------------------------+--------------------------------------
Changes (by ObserverOfTime):

* resolution: needsinfo => invalid


--
Ticket URL: <https://code.djangoproject.com/ticket/30356#comment:3>
