summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorRené Fleschenberg <rene@fleschenberg.net>2019-09-10 17:35:36 +0200
committerMariusz Felisiak <felisiak.mariusz@gmail.com>2019-10-11 16:07:05 +0200
commite0a869b208750e179e0924337af1c06929eff72a (patch)
tree9ba6932c5607ee18eefc0feef32331fe1459dd30 /docs
parent651299e1ef896210035cf9e6992b07aa02a5aac1 (diff)
[3.0.x] Clarified that SECURE_REDIRECT_EXEMPT patterns should not include leading slashes.
Backport of d232fd76a85870daf345fd8f8d617fe7802ae194 from master
Diffstat (limited to 'docs')
-rw-r--r--docs/ref/settings.txt7
1 files changed, 5 insertions, 2 deletions
diff --git a/docs/ref/settings.txt b/docs/ref/settings.txt
index 75eaf25613..512220176b 100644
--- a/docs/ref/settings.txt
+++ b/docs/ref/settings.txt
@@ -2316,8 +2316,11 @@ available in ``request.META``.)
Default: ``[]`` (Empty list)
If a URL path matches a regular expression in this list, the request will not be
-redirected to HTTPS. If :setting:`SECURE_SSL_REDIRECT` is ``False``, this
-setting has no effect.
+redirected to HTTPS. The
+:class:`~django.middleware.security.SecurityMiddleware` strips leading slashes
+from URL paths, so patterns shouldn't include them, e.g.
+``SECURE_REDIRECT_EXEMPT = [r'^no-ssl/$', …]``. If
+:setting:`SECURE_SSL_REDIRECT` is ``False``, this setting has no effect.
.. setting:: SECURE_REFERRER_POLICY