3 v^@sddlmZddlmZmZmZmZdddddd d d hZd Zd Z edddZ edddZ edddZ edddZ edddZedddZedee dddZedddZed d!dZed"d#dZed$d%dZed&d'dZed(d)jd*jeed+d,Zd-d.Zd/d0Zeejd1d2d3d4Zeejd1d2d5d6Zeejd1d2d7d8Zeejd1d2d9d:Z eejd1d2d;d<Z!eejd1d2d=d>Z"eejd1d2d?d@Z#eejd1d2dAdBZ$eejd1d2dCdDZ%eejd1d2dEdFZ&eejd1d2dGdHZ'eejd1d2dIdJZ(dKS)L)settings)ErrorTagsWarningregisterz no-referrerzno-referrer-when-downgradeoriginzorigin-when-cross-originz same-originz strict-originzstrict-origin-when-cross-originz unsafe-url2zYou do not have 'django.middleware.security.SecurityMiddleware' in your MIDDLEWARE so the SECURE_HSTS_SECONDS, SECURE_CONTENT_TYPE_NOSNIFF, SECURE_BROWSER_XSS_FILTER, SECURE_REFERRER_POLICY, and SECURE_SSL_REDIRECT settings will have no effect.z security.W001)ida3You do not have 'django.middleware.clickjacking.XFrameOptionsMiddleware' in your MIDDLEWARE, so your pages will not be served with an 'x-frame-options' header. Unless there is a good reason for your site to be served in a frame, you should consider enabling this header to help prevent clickjacking attacks.z security.W002a,You have not set a value for the SECURE_HSTS_SECONDS setting. If your entire site is served only over SSL, you may want to consider setting a value and enabling HTTP Strict Transport Security. Be sure to read the documentation first; enabling HSTS carelessly can cause serious, irreversible problems.z security.W004aYou have not set the SECURE_HSTS_INCLUDE_SUBDOMAINS setting to True. Without this, your site is potentially vulnerable to attack via an insecure connection to a subdomain. Only set this to True if you are certain that all subdomains of your domain should be served exclusively via SSL.z security.W005zYour SECURE_CONTENT_TYPE_NOSNIFF setting is not set to True, so your pages will not be served with an 'X-Content-Type-Options: nosniff' header. You should consider enabling this header to prevent the browser from identifying content types incorrectly.z security.W006aYour SECURE_SSL_REDIRECT setting is not set to True. Unless your site should be available over both SSL and non-SSL connections, you may want to either set this setting True or configure a load balancer or reverse-proxy server to redirect all connections to HTTPS.z security.W008zYour SECRET_KEY has less than %(min_length)s characters or less than %(min_unique_chars)s unique characters. Please generate a long and random SECRET_KEY, otherwise many of Django's security-critical features will be vulnerable to attack.)Z min_lengthZmin_unique_charsz security.W009z4You should not have DEBUG set to True in deployment.z security.W018zYou have 'django.middleware.clickjacking.XFrameOptionsMiddleware' in your MIDDLEWARE, but X_FRAME_OPTIONS is not set to 'DENY'. Unless there is a good reason for your site to serve other parts of itself in a frame, you should change it to 'DENY'.z security.W019z.ALLOWED_HOSTS must not be empty in deployment.z security.W020zYou have not set the SECURE_HSTS_PRELOAD setting to True. Without this, your site cannot be submitted to the browser preload list.z security.W021zYou have not set the SECURE_REFERRER_POLICY setting. Without this, your site will not send a Referrer-Policy header. You should consider enabling this header to protect user privacy.z security.W022zDYou have set the SECURE_REFERRER_POLICY setting to an invalid value.zValid values are: {}.z, z security.E023)hintr cCs dtjkS)Nz-django.middleware.security.SecurityMiddleware)r MIDDLEWARErrD/usr/lib/python3.6/site-packages/django/core/checks/security/base.py_security_middlewarewsrcCs dtjkS)Nz6django.middleware.clickjacking.XFrameOptionsMiddleware)rr rrrr_xframe_middleware{srT)deploycKst}|rgStgS)N)rW001) app_configskwargs passed_checkrrrcheck_security_middlewaresrcKst}|rgStgS)N)rW002)rrrrrrcheck_xframe_options_middlewaresrcKst p tj}|rgStgS)N)rrSECURE_HSTS_SECONDSW004)rrrrrr check_stssrcKs(t ptj ptjdk}|r"gStgS)NT)rrrSECURE_HSTS_INCLUDE_SUBDOMAINSW005)rrrrrrcheck_sts_include_subdomainss rcKs(t ptj ptjdk}|r"gStgS)NT)rrrSECURE_HSTS_PRELOADW021)rrrrrrcheck_sts_preloads r"cKs t ptjdk}|rgStgS)NT)rrSECURE_CONTENT_TYPE_NOSNIFFW006)rrrrrrcheck_content_type_nosniffs r%cKs t ptjdk}|rgStgS)NT)rrSECURE_SSL_REDIRECTW008)rrrrrrcheck_ssl_redirects r(cKs:ttddo*tttjtko*ttjtk}|r4gStgS)N SECRET_KEY)getattrrlensetr) SECRET_KEY_MIN_UNIQUE_CHARACTERSSECRET_KEY_MIN_LENGTHW009)rrrrrrcheck_secret_keys r0cKstj }|rgStgS)N)rDEBUGW018)rrrrrr check_debugsr3cKs t ptjdk}|rgStgS)NDENY)rrX_FRAME_OPTIONSW019)rrrrrrcheck_xframe_denys r7cKstjr gStgS)N)r ALLOWED_HOSTSW020)rrrrrcheck_allowed_hostssr:cKsVtrRtjdkrtgSttjtr:ddtjjdD}n ttj}|tksRt gSgS)NcSsh|] }|jqSr)strip).0vrrr sz(check_referrer_policy..,) rrSECURE_REFERRER_POLICYW022 isinstancestrsplitr,REFERRER_POLICY_VALUESE023)rrvaluesrrrcheck_referrer_policys   rHN)) django.confrrrrrrEr.r-rrrrr$r'r/r2r6r9r!rAformatjoinsortedrFrrsecurityrrrrr"r%r(r0r3r7r:rHrrrrs|