diff options
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/ref/middleware.txt | 4 | ||||
| -rw-r--r-- | docs/ref/settings.txt | 2 |
2 files changed, 3 insertions, 3 deletions
diff --git a/docs/ref/middleware.txt b/docs/ref/middleware.txt index 371121c30e..cee18ea058 100644 --- a/docs/ref/middleware.txt +++ b/docs/ref/middleware.txt @@ -255,8 +255,8 @@ so that infrequent visitors will be protected (31536000 seconds, i.e. 1 year, is common). Additionally, if you set the :setting:`SECURE_HSTS_INCLUDE_SUBDOMAINS` setting -to ``True``, ``SecurityMiddleware`` will add the ``includeSubDomains`` tag to -the ``Strict-Transport-Security`` header. This is recommended (assuming all +to ``True``, ``SecurityMiddleware`` will add the ``includeSubDomains`` directive +to the ``Strict-Transport-Security`` header. This is recommended (assuming all subdomains are served exclusively using HTTPS), otherwise your site may still be vulnerable via an insecure connection to a subdomain. diff --git a/docs/ref/settings.txt b/docs/ref/settings.txt index 225c22a84f..9e0d8b8d41 100644 --- a/docs/ref/settings.txt +++ b/docs/ref/settings.txt @@ -2053,7 +2053,7 @@ already have it. Default: ``False`` If ``True``, the :class:`~django.middleware.security.SecurityMiddleware` adds -the ``includeSubDomains`` tag to the :ref:`http-strict-transport-security` +the ``includeSubDomains`` directive to the :ref:`http-strict-transport-security` header. It has no effect unless :setting:`SECURE_HSTS_SECONDS` is set to a non-zero value. |
