Skip to main content
Join the official Python Developers Survey 2018 and win valuable prizes: Start the survey!

Implement HSTS to force the use of HTTPS.

Project description

Forces the use of HTTPS using HTTP Strict Transport Security (HSTS).

Installation and Usage

Install the package, add django_hstsmiddleware to settings.INSTALLED_APPS, and add django_hstsmiddleware.middleware.HSTSMiddleware to the top of settings.MIDDLEWARE_CLASSES.

The following Django settings control its default behaviour:

settings.HSTS_REDIRECT_TO:

Specifies the URI to redirect a User Agent to, if it tries to use a non-secure connection. Responds with HTTP Moved Permanently.

Defaults to None, so no redirect occurs. Instead, responds with HTTP Bad Request.

settings.HSTS_MAX_AGE:

The maximum number of seconds that a User Agent will remember that this server must be contacted over HTTPS.

Defaults to 31536000, or approximately one year.

settings.HSTS_INCLUDE_SUBDOMAINS:

If true, tells a User Agent that all subdomains must also be contacted over HTTPS, in addition to the current domain.

Defaults to False

Project details


Release history Release notifications

This version
History Node

1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Filename, size & hash SHA256 hash help File type Python version Upload date
django-hstsmiddleware-1.0.tar.gz (5.2 kB) Copy SHA256 hash SHA256 Source None Jul 15, 2011

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN SignalFx SignalFx Supporter DigiCert DigiCert EV certificate StatusPage StatusPage Status page