vÅÏ^þ ã@s2ddlmZddlmZmZmZdd„ZeedƒddƒZeed ƒdd ƒZeed ƒdd ƒZ d d„Z ee dƒddƒZ ee dƒddƒZ ee dƒddƒZ eejddƒdd„ƒZeejddƒdd„ƒZdd„Zdd„ZdS) é)Úsettingsé)ÚTagsÚWarningÚregistercCs|dS)Nzq Using a secure-only session cookie makes it more difficult for network traffic sniffers to hijack user sessions.©)ÚmessagerrúF/tmp/pip-build-8lau8j11/django/django/core/checks/security/sessions.pyÚadd_session_cookie_messagesr znYou have 'django.contrib.sessions' in your INSTALLED_APPS, but you have not set SESSION_COOKIE_SECURE to True.Úidz security.W010z‡You have 'django.contrib.sessions.middleware.SessionMiddleware' in your MIDDLEWARE, but you have not set SESSION_COOKIE_SECURE to True.z security.W011z)SESSION_COOKIE_SECURE is not set to True.z security.W012cCs|dS)Nzs Using an HttpOnly session cookie makes it more difficult for cross-site scripting attacks to hijack user sessions.r)rrrr Úadd_httponly_message$sr zpYou have 'django.contrib.sessions' in your INSTALLED_APPS, but you have not set SESSION_COOKIE_HTTPONLY to True.z security.W013z‰You have 'django.contrib.sessions.middleware.SessionMiddleware' in your MIDDLEWARE, but you have not set SESSION_COOKIE_HTTPONLY to True.z security.W014z+SESSION_COOKIE_HTTPONLY is not set to True.z security.W015ZdeployTcKsZg}tjsVtƒr%|jtƒtƒr;|jtƒt|ƒdkrVtg}|S)Né) rZSESSION_COOKIE_SECUREÚ _session_appÚappendÚW010Ú_session_middlewareÚW011ÚlenÚW012)Ú app_configsÚkwargsÚerrorsrrr Úcheck_session_cookie_secureBs      rcKsZg}tjsVtƒr%|jtƒtƒr;|jtƒt|ƒdkrVtg}|S)Nr ) rZSESSION_COOKIE_HTTPONLYrrÚW013rÚW014rÚW015)rrrrrr Úcheck_session_cookie_httponlyOs      rcCs dtjkS)Nz4django.contrib.sessions.middleware.SessionMiddleware)rZ MIDDLEWARErrrr r\srcCs dtjkS)Nzdjango.contrib.sessions)rZINSTALLED_APPSrrrr r`srN)Z django.confrÚrrrr rrrr rrrÚsecurityrrrrrrrr Ús:              ! !