summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--docs/ref/middleware.txt4
-rw-r--r--docs/ref/settings.txt2
-rw-r--r--tests/middleware/test_security.py4
3 files changed, 5 insertions, 5 deletions
diff --git a/docs/ref/middleware.txt b/docs/ref/middleware.txt
index 371121c30e..cee18ea058 100644
--- a/docs/ref/middleware.txt
+++ b/docs/ref/middleware.txt
@@ -255,8 +255,8 @@ so that infrequent visitors will be protected (31536000 seconds, i.e. 1 year,
is common).
Additionally, if you set the :setting:`SECURE_HSTS_INCLUDE_SUBDOMAINS` setting
-to ``True``, ``SecurityMiddleware`` will add the ``includeSubDomains`` tag to
-the ``Strict-Transport-Security`` header. This is recommended (assuming all
+to ``True``, ``SecurityMiddleware`` will add the ``includeSubDomains`` directive
+to the ``Strict-Transport-Security`` header. This is recommended (assuming all
subdomains are served exclusively using HTTPS), otherwise your site may still
be vulnerable via an insecure connection to a subdomain.
diff --git a/docs/ref/settings.txt b/docs/ref/settings.txt
index 225c22a84f..9e0d8b8d41 100644
--- a/docs/ref/settings.txt
+++ b/docs/ref/settings.txt
@@ -2053,7 +2053,7 @@ already have it.
Default: ``False``
If ``True``, the :class:`~django.middleware.security.SecurityMiddleware` adds
-the ``includeSubDomains`` tag to the :ref:`http-strict-transport-security`
+the ``includeSubDomains`` directive to the :ref:`http-strict-transport-security`
header. It has no effect unless :setting:`SECURE_HSTS_SECONDS` is set to a
non-zero value.
diff --git a/tests/middleware/test_security.py b/tests/middleware/test_security.py
index 2b6a54eb17..f671600c49 100644
--- a/tests/middleware/test_security.py
+++ b/tests/middleware/test_security.py
@@ -83,7 +83,7 @@ class SecurityMiddlewareTest(SimpleTestCase):
"""
With HSTS_SECONDS non-zero and HSTS_INCLUDE_SUBDOMAINS
True, the middleware adds a "strict-transport-security" header with the
- "includeSubDomains" tag to the response.
+ "includeSubDomains" directive to the response.
"""
response = self.process_response(secure=True)
self.assertEqual(response["strict-transport-security"], "max-age=600; includeSubDomains")
@@ -94,7 +94,7 @@ class SecurityMiddlewareTest(SimpleTestCase):
"""
With HSTS_SECONDS non-zero and HSTS_INCLUDE_SUBDOMAINS
False, the middleware adds a "strict-transport-security" header without
- the "includeSubDomains" tag to the response.
+ the "includeSubDomains" directive to the response.
"""
response = self.process_response(secure=True)
self.assertEqual(response["strict-transport-security"], "max-age=600")