vÅÏ^ìã@sddlmZddlmZmZmZmZdddddd d d hZd Zd Z edddƒZ edddƒZ edddƒZ edddƒZ edddƒZedddƒZeddede iddƒZeddd ƒZed!dd"ƒZed#dd$ƒZed%dd&ƒZed'dd(ƒZed)d*d+jd,jeeƒƒƒdd-ƒZd.d/„Zd0d1„Zeejd2d3ƒd4d5„ƒZeejd2d3ƒd6d7„ƒZeejd2d3ƒd8d9„ƒZeejd2d3ƒd:d;„ƒZ eejd2d3ƒd<d=„ƒZ!eejd2d3ƒd>d?„ƒZ"eejd2d3ƒd@dA„ƒZ#eejd2d3ƒdBdC„ƒZ$eejd2d3ƒdDdE„ƒZ%eejd2d3ƒdFdG„ƒZ&eejd2d3ƒdHdI„ƒZ'eejd2d3ƒdJdK„ƒZ(dLS)Mé)Úsettingsé)ÚErrorÚTagsÚWarningÚregisterz no-referrerzno-referrer-when-downgradeÚoriginzorigin-when-cross-originz same-originz strict-originzstrict-origin-when-cross-originz unsafe-urlé2ézôYou do not have 'django.middleware.security.SecurityMiddleware' in your MIDDLEWARE so the SECURE_HSTS_SECONDS, SECURE_CONTENT_TYPE_NOSNIFF, SECURE_BROWSER_XSS_FILTER, SECURE_REFERRER_POLICY, and SECURE_SSL_REDIRECT settings will have no effect.Úidz security.W001a3You do not have 'django.middleware.clickjacking.XFrameOptionsMiddleware' in your MIDDLEWARE, so your pages will not be served with an 'x-frame-options' header. Unless there is a good reason for your site to be served in a frame, you should consider enabling this header to help prevent clickjacking attacks.z security.W002a,You have not set a value for the SECURE_HSTS_SECONDS setting. If your entire site is served only over SSL, you may want to consider setting a value and enabling HTTP Strict Transport Security. Be sure to read the documentation first; enabling HSTS carelessly can cause serious, irreversible problems.z security.W004aYou have not set the SECURE_HSTS_INCLUDE_SUBDOMAINS setting to True. Without this, your site is potentially vulnerable to attack via an insecure connection to a subdomain. Only set this to True if you are certain that all subdomains of your domain should be served exclusively via SSL.z security.W005zûYour SECURE_CONTENT_TYPE_NOSNIFF setting is not set to True, so your pages will not be served with an 'X-Content-Type-Options: nosniff' header. You should consider enabling this header to prevent the browser from identifying content types incorrectly.z security.W006aYour SECURE_SSL_REDIRECT setting is not set to True. Unless your site should be available over both SSL and non-SSL connections, you may want to either set this setting True or configure a load balancer or reverse-proxy server to redirect all connections to HTTPS.z security.W008zîYour SECRET_KEY has less than %(min_length)s characters or less than %(min_unique_chars)s unique characters. Please generate a long and random SECRET_KEY, otherwise many of Django's security-critical features will be vulnerable to attack.Z min_lengthZmin_unique_charsz security.W009z4You should not have DEBUG set to True in deployment.z security.W018zöYou have 'django.middleware.clickjacking.XFrameOptionsMiddleware' in your MIDDLEWARE, but X_FRAME_OPTIONS is not set to 'DENY'. Unless there is a good reason for your site to serve other parts of itself in a frame, you should change it to 'DENY'.z security.W019z.ALLOWED_HOSTS must not be empty in deployment.z security.W020z‚You have not set the SECURE_HSTS_PRELOAD setting to True. Without this, your site cannot be submitted to the browser preload list.z security.W021z¶You have not set the SECURE_REFERRER_POLICY setting. Without this, your site will not send a Referrer-Policy header. You should consider enabling this header to protect user privacy.z security.W022zDYou have set the SECURE_REFERRER_POLICY setting to an invalid value.ZhintzValid values are: {}.z, z security.E023cCs dtjkS)Nz-django.middleware.security.SecurityMiddleware)rÚ MIDDLEWARE©r r úB/tmp/pip-build-8lau8j11/django/django/core/checks/security/base.pyÚ_security_middlewarewsrcCs dtjkS)Nz6django.middleware.clickjacking.XFrameOptionsMiddleware)rr r r r rÚ_xframe_middleware{srZdeployTcKstƒ}|rgStgS)N)rÚW001)Ú app_configsÚkwargsÚ passed_checkr r rÚcheck_security_middlewares rcKstƒ}|rgStgS)N)rÚW002)rrrr r rÚcheck_xframe_options_middleware…s rcKs$tƒ ptj}|rgStgS)N)rrÚSECURE_HSTS_SECONDSÚW004)rrrr r rÚ check_sts‹srcKs4tƒ p tj p tjdk}|r-gStgS)NT)rrrZSECURE_HSTS_INCLUDE_SUBDOMAINSÚW005)rrrr r rÚcheck_sts_include_subdomains‘s  rcKs4tƒ p tj p tjdk}|r-gStgS)NT)rrrZSECURE_HSTS_PRELOADÚW021)rrrr r rÚcheck_sts_preload›s  rcKs*tƒ ptjdk}|r#gStgS)NT)rrZSECURE_CONTENT_TYPE_NOSNIFFÚW006)rrrr r rÚcheck_content_type_nosniff¥s r cKs*tƒ ptjdk}|r#gStgS)NT)rrZSECURE_SSL_REDIRECTÚW008)rrrr r rÚcheck_ssl_redirect®s r"cKsSttddƒo?tttjƒƒtko?ttjƒtk}|rLgStgS)NÚ SECRET_KEY)ÚgetattrrÚlenÚsetr#Ú SECRET_KEY_MIN_UNIQUE_CHARACTERSÚSECRET_KEY_MIN_LENGTHÚW009)rrrr r rÚcheck_secret_key·sr*cKstj }|rgStgS)N)rÚDEBUGÚW018)rrrr r rÚ check_debugÁs r-cKs*tƒ ptjdk}|r#gStgS)NZDENY)rrZX_FRAME_OPTIONSÚW019)rrrr r rÚcheck_xframe_denyÇs r/cKstjr gStgS)N)rZ ALLOWED_HOSTSÚW020)rrr r rÚcheck_allowed_hostsÐsr1cKsytƒrutjdkrtgSttjtƒrSdd„tjjdƒDƒ}nttjƒ}|tksut gSgS)NcSsh|]}|jƒ’qSr )Ústrip)Ú.0Úvr r rú Üs z(check_referrer_policy..ú,) rrZSECURE_REFERRER_POLICYÚW022Ú isinstanceÚstrÚsplitr&ÚREFERRER_POLICY_VALUESÚE023)rrÚvaluesr r rÚcheck_referrer_policyÕs " r>N))Z django.confrÚrrrrr;r(r'rrrrrr!r)r,r.r0rr7ÚformatÚjoinÚsortedr<rrÚsecurityrrrrrr r"r*r-r/r1r>r r r rÚs|"                   !!!! ! ! ! ! !! !