On 2014-04-24 17:55, Mike Dewhirst wrote: > I suppose it depends on your site. In my case it was Apache rather > than nginx and pretty much all I had to do was establish a redirect > so any url with http://blah.blah went to https://... instead.
If you're redirecting to HTTPS regardless of the URL used and never serving content over HTTP(nonS), you might want to include HSTS headers to allow the browser to cache your redirect for a specified age. You can read up at http://en.wikipedia.org/wiki/Strict_Transport_Security and it's as simple as including one header in your response, and then the browser knows that, even if the user types "http://example.com"; the browser should automatically change that to be "https://example.com"; even without talking to the server. -tkc -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To post to this group, send email to django-users@googlegroups.com. Visit this group at http://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/20140424074330.11fecc68%40bigbox.christie.dr. For more options, visit https://groups.google.com/d/optout.
