docs(security): hsts is disabled by default (eggjs#3972)

richard1015 · Oct 11, 2019 · be1b726 · be1b726
1 parent e5e9487
commit be1b726
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/docs/source/en/core/security.md b/docs/source/en/core/security.md
@@ -594,7 +594,7 @@ So, if you use the Egg framework to develop web site developers, please be sure
 
 For HTTPS, one should pay attention to is the HTTP transport security (HSTS) strictly, if you don't use HSTS, when a user input url in the browser without HTTPS, the browser will use HTTP access by default.
 
-Framework provides `HSTS Strict-Transport-security`, this header will be opened by default, then let the HTTPS site not redirect to HTTP. If your site supports HTTPS, be sure to open it.If our Web site is an HTTP site, we need to close this header.
+Framework has disableb `HSTS Strict-Transport-security` by default, then make the HTTPS site not redirect to HTTP. If your site supports HTTPS, be sure to open it.If our Web site is an HTTP site, we need to close this header.
 
 The configuration is as follows:
 

diff --git a/docs/source/zh-cn/core/security.md b/docs/source/zh-cn/core/security.md
@@ -585,7 +585,7 @@ HTTP 是网络应用广泛使用的协议，负责 Web 内容的请求和获取
 
 对于 HTTPS 来讲，还有一点要注意的是 HTTP 严格传输安全（HSTS），如果不使用 HSTS，当用户在浏览器中输入网址时没有加 HTTPS，浏览器会默认使用 HTTP 访问
 
-框架提供了 `hsts Strict-Transport-Security` 这个头的默认开启。让 HTTPS 站点不跳转到 HTTP，如果站点支持 HTTPS，请一定要开启。
+框架默认关闭了 `hsts Strict-Transport-Security`。使得 HTTPS 站点不跳转到 HTTP，如果站点支持 HTTPS，请一定要开启。
 
 如果我们的Web 站点是 http 站点，需要关闭这个头。配置如下：