3
v^                 @   sp   d dl mZ ddlmZmZmZ edddZedddZd	d
 Zeej	dddd Z
eej	dddd ZdS )    )settings   )TagsWarningregistera  You don't appear to be using Django's built-in cross-site request forgery protection via the middleware ('django.middleware.csrf.CsrfViewMiddleware' is not in your MIDDLEWARE). Enabling the middleware is the safest approach to ensure you don't leave any holes.zsecurity.W003)idzYou have 'django.middleware.csrf.CsrfViewMiddleware' in your MIDDLEWARE, but you have not set CSRF_COOKIE_SECURE to True. Using a secure-only CSRF cookie makes it more difficult for network traffic sniffers to steal the CSRF token.zsecurity.W016c               C   s
   dt jkS )Nz)django.middleware.csrf.CsrfViewMiddleware)r   
MIDDLEWARE r	   r	   D/usr/lib/python3.6/site-packages/django/core/checks/security/csrf.py_csrf_middleware   s    r   T)deployc             K   s   t  }|rg S tgS )N)r   W003)app_configskwargspassed_checkr	   r	   r
   check_csrf_middleware   s    r   c             K   s"   t jpt  pt j}|rg S tgS )N)r   CSRF_USE_SESSIONSr   CSRF_COOKIE_SECUREW016)r   r   r   r	   r	   r
   check_csrf_cookie_secure!   s    r   N)django.confr    r   r   r   r   r   r   securityr   r   r	   r	   r	   r
   <module>   s   