diff options
| author | René Fleschenberg <rene@fleschenberg.net> | 2019-09-10 17:35:36 +0200 |
|---|---|---|
| committer | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2019-10-11 16:07:38 +0200 |
| commit | d4d37d09008f920c8cd4faa9ec075de51da0a36f (patch) | |
| tree | 666c4ca85222788399e30b85a4d5323e300888c0 /docs/ref | |
| parent | 323467e286787684de18d2731776c71667a296be (diff) | |
[2.2.x] Clarified that SECURE_REDIRECT_EXEMPT patterns should not include leading slashes.
Backport of d232fd76a85870daf345fd8f8d617fe7802ae194 from master
Diffstat (limited to 'docs/ref')
| -rw-r--r-- | docs/ref/settings.txt | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/docs/ref/settings.txt b/docs/ref/settings.txt index 7937995442..dc247d0bb5 100644 --- a/docs/ref/settings.txt +++ b/docs/ref/settings.txt @@ -2279,8 +2279,11 @@ available in ``request.META``.) Default: ``[]`` (Empty list) If a URL path matches a regular expression in this list, the request will not be -redirected to HTTPS. If :setting:`SECURE_SSL_REDIRECT` is ``False``, this -setting has no effect. +redirected to HTTPS. The +:class:`~django.middleware.security.SecurityMiddleware` strips leading slashes +from URL paths, so patterns shouldn't include them, e.g. +``SECURE_REDIRECT_EXEMPT = [r'^no-ssl/$', …]``. If +:setting:`SECURE_SSL_REDIRECT` is ``False``, this setting has no effect. .. setting:: SECURE_SSL_HOST |
