Exclusively handle proxito HSTS from the backend #6994

Merged
merged 2 commits into from Apr 30, 2020

@davidfischer davidfischer commented Apr 29, 2020

  • This will allow removing the HSTS config for proxito from nginx
  • This assumes we want HSTS for public domain subdomains if settings.PUBLIC_DOMAIN_USES_HTTPS

I didn't make HSTS for the public domain customizable (setting max-age, subdomains, etc.). However, we could add additional settings values for that. Both community and RTD for Business will use the same HSTS values.

- This will allow removing the HSTS config for proxito from nginx
- This assumes we want HSTS for public domain subdomains
  if settings.PUBLIC_DOMAIN_USES_HTTPS
@davidfischer davidfischer requested a review from Apr 29, 2020

@ericholscher ericholscher left a comment

🎉


if not request.is_secure():
# Only set the HSTS header if the request is over HTTPS
return response
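Review bot: the `request.is_secure()` guard at the top of this hunk only works if Django can see the original scheme, and the comment above the early `return response` does not say so. With nginx in front of proxito terminating TLS, `is_secure()` reports HTTPS only when `SECURE_PROXY_SSL_HEADER` is configured and nginx sets (and overwrites any client-supplied value of) the forwarded-protocol header; otherwise the early return fires on every request and no HSTS header is sent once the nginx config is removed. Suggest noting that dependency in the comment and adding a test that exercises a proxied HTTPS request as well as a plain HTTP one.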
@ericholscher ericholscher Apr 29, 2020

👍 I ran into this earlier :)

readthedocs/proxito/middleware.py (outdated, resolved)
Co-Authored-By: Eric Holscher <25510+ericholscher@users.noreply.github.com>
@ericholscher ericholscher merged commit 3119816 into master Apr 30, 2020
2 checks passed
@ericholscher ericholscher deleted the davidfischer/fully-handle-proxito-hsts branch Apr 30, 2020