mirrors/django
mirrors/django
0
0
Fork 0
mirror of https://github.com/django/django.git synced 2024-11-29 22:56:46 +01:00
Code Issues Releases Wiki Activity

Clarified that SECURE_REDIRECT_EXEMPT patterns should not include leading slashes.

Browse Source
This commit is contained in:
René Fleschenberg 2019-09-10 17:35:36 +02:00 committed by Mariusz Felisiak
parent e7cdb0cd7e
commit d232fd76a8
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
docs/ref/settings.txt
View File

@ -2306,8 +2306,11 @@ available in ``request.META``.)
Default: ``[]`` (Empty list) Default: ``[]`` (Empty list)
If a URL path matches a regular expression in this list, the request will not be If a URL path matches a regular expression in this list, the request will not be
redirected to HTTPS. If :setting:`SECURE_SSL_REDIRECT` is ``False``, this redirected to HTTPS. The
setting has no effect. :class:`~django.middleware.security.SecurityMiddleware` strips leading slashes
from URL paths, so patterns shouldn't include them, e.g.
``SECURE_REDIRECT_EXEMPT = [r'^no-ssl/$', …]``. If
:setting:`SECURE_SSL_REDIRECT` is ``False``, this setting has no effect.
.. setting:: SECURE_REFERRER_POLICY .. setting:: SECURE_REFERRER_POLICY