summaryrefslogtreecommitdiff
path: root/docs/ref
diff options
context:
space:
mode:
authorEd Morley <emorley@mozilla.com>2016-07-28 17:30:16 +0100
committerTim Graham <timograham@gmail.com>2016-08-08 20:22:09 -0400
commit233ec837f611fb8da56b8e67f9a95854470c0df8 (patch)
tree4108b8ffc757b09ccf9ce61eefc4490abb76944c /docs/ref
parentc66f5d058a8753143c12ec1bf55111a9d7f233bf (diff)
[1.10.x] Fixed docs to refer to HSTS includeSubdomains as a directive.
The spec refers to it as a 'directive' rather than a 'tag': https://tools.ietf.org/html/rfc6797#section-6.1.2 Backport of 8c3bc5cd7801a307a0bc2969abebe7a6ca48d17f from master
Diffstat (limited to 'docs/ref')
-rw-r--r--docs/ref/middleware.txt4
-rw-r--r--docs/ref/settings.txt2
2 files changed, 3 insertions, 3 deletions
diff --git a/docs/ref/middleware.txt b/docs/ref/middleware.txt
index 961e4a272f..2d1d0f9604 100644
--- a/docs/ref/middleware.txt
+++ b/docs/ref/middleware.txt
@@ -249,8 +249,8 @@ so that infrequent visitors will be protected (31536000 seconds, i.e. 1 year,
is common).
Additionally, if you set the :setting:`SECURE_HSTS_INCLUDE_SUBDOMAINS` setting
-to ``True``, ``SecurityMiddleware`` will add the ``includeSubDomains`` tag to
-the ``Strict-Transport-Security`` header. This is recommended (assuming all
+to ``True``, ``SecurityMiddleware`` will add the ``includeSubDomains`` directive
+to the ``Strict-Transport-Security`` header. This is recommended (assuming all
subdomains are served exclusively using HTTPS), otherwise your site may still
be vulnerable via an insecure connection to a subdomain.
diff --git a/docs/ref/settings.txt b/docs/ref/settings.txt
index 3cb6b0408e..7e83d424d7 100644
--- a/docs/ref/settings.txt
+++ b/docs/ref/settings.txt
@@ -2040,7 +2040,7 @@ already have it.
Default: ``False``
If ``True``, the :class:`~django.middleware.security.SecurityMiddleware` adds
-the ``includeSubDomains`` tag to the :ref:`http-strict-transport-security`
+the ``includeSubDomains`` directive to the :ref:`http-strict-transport-security`
header. It has no effect unless :setting:`SECURE_HSTS_SECONDS` is set to a
non-zero value.