HEX

File: //usr/lib/python3/dist-packages/django/core/checks/security/__pycache__/base.cpython-310.pyc
o

3�a��@s8ddlmZddlmZddlmZmZmZmZhd�Z	dZ
dZdZed	d
d�Z
edd
d�Zeddd�Zeddd�Zeddd�Zeddd�Zedeee
d�dd�Zeddd�Zeddd�Zeddd�Zedd d�Zed!d"d�Zed#d$�d%�ee	���d&d'�Zed(d)d�Zd*d+�Zd,d-�Zeej d.d/�d0d1��Z!eej d.d/�d2d3��Z"eej d.d/�d4d5��Z#eej d.d/�d6d7��Z$eej d.d/�d8d9��Z%eej d.d/�d:d;��Z&eej d.d/�d<d=��Z'eej d.d/�d>d?��Z(eej d.d/�d@dA��Z)eej d.d/�dBdC��Z*eej d.d/�dDdE��Z+eej d.d/�dFdG��Z,eej �dHdI��Z-dJS)K�)�settings)�ImproperlyConfigured�)�Error�Tags�Warning�register>�
unsafe-url�no-referrer�same-origin�
strict-origin�origin-when-cross-origin�no-referrer-when-downgrade�strict-origin-when-cross-origin�originzdjango-insecure-�2�z�You do not have 'django.middleware.security.SecurityMiddleware' in your MIDDLEWARE so the SECURE_HSTS_SECONDS, SECURE_CONTENT_TYPE_NOSNIFF, SECURE_BROWSER_XSS_FILTER, SECURE_REFERRER_POLICY, and SECURE_SSL_REDIRECT settings will have no effect.z
security.W001)�ida3You do not have 'django.middleware.clickjacking.XFrameOptionsMiddleware' in your MIDDLEWARE, so your pages will not be served with an 'x-frame-options' header. Unless there is a good reason for your site to be served in a frame, you should consider enabling this header to help prevent clickjacking attacks.z
security.W002a,You have not set a value for the SECURE_HSTS_SECONDS setting. If your entire site is served only over SSL, you may want to consider setting a value and enabling HTTP Strict Transport Security. Be sure to read the documentation first; enabling HSTS carelessly can cause serious, irreversible problems.z
security.W004aYou have not set the SECURE_HSTS_INCLUDE_SUBDOMAINS setting to True. Without this, your site is potentially vulnerable to attack via an insecure connection to a subdomain. Only set this to True if you are certain that all subdomains of your domain should be served exclusively via SSL.z
security.W005z�Your SECURE_CONTENT_TYPE_NOSNIFF setting is not set to True, so your pages will not be served with an 'X-Content-Type-Options: nosniff' header. You should consider enabling this header to prevent the browser from identifying content types incorrectly.z
security.W006aYour SECURE_SSL_REDIRECT setting is not set to True. Unless your site should be available over both SSL and non-SSL connections, you may want to either set this setting True or configure a load balancer or reverse-proxy server to redirect all connections to HTTPS.z
security.W008aRYour SECRET_KEY has less than %(min_length)s characters, less than %(min_unique_chars)s unique characters, or it's prefixed with '%(insecure_prefix)s' indicating that it was generated automatically by Django. Please generate a long and random SECRET_KEY, otherwise many of Django's security-critical features will be vulnerable to attack.)�
min_length�min_unique_chars�insecure_prefixz
security.W009z4You should not have DEBUG set to True in deployment.z
security.W018z�You have 'django.middleware.clickjacking.XFrameOptionsMiddleware' in your MIDDLEWARE, but X_FRAME_OPTIONS is not set to 'DENY'. Unless there is a good reason for your site to serve other parts of itself in a frame, you should change it to 'DENY'.z
security.W019z.ALLOWED_HOSTS must not be empty in deployment.z
security.W020z�You have not set the SECURE_HSTS_PRELOAD setting to True. Without this, your site cannot be submitted to the browser preload list.z
security.W021z�You have not set the SECURE_REFERRER_POLICY setting. Without this, your site will not send a Referrer-Policy header. You should consider enabling this header to protect user privacy.z
security.W022zDYou have set the SECURE_REFERRER_POLICY setting to an invalid value.zValid values are: {}.z, z
security.E023)�hintrz5DEFAULT_HASHING_ALGORITHM must be 'sha1' or 'sha256'.z
security.E100cC�
dtjvS)Nz-django.middleware.security.SecurityMiddleware�r�
MIDDLEWARE�rr�B/usr/lib/python3/dist-packages/django/core/checks/security/base.py�_security_middleware��
rcCr)Nz6django.middleware.clickjacking.XFrameOptionsMiddlewarerrrrr�_xframe_middleware�rrT)�deploycK�t�}|rgStgS�N)r�W001��app_configs�kwargs�passed_checkrrr�check_security_middleware��r(cKr!r")r�W002r$rrr�check_xframe_options_middleware�r)r+cKst�ptj}|rgStgSr")rr�SECURE_HSTS_SECONDS�W004r$rrr�	check_sts�sr.cK�(t�ptjptjdu}|rgStgS�NT)rrr,�SECURE_HSTS_INCLUDE_SUBDOMAINS�W005r$rrr�check_sts_include_subdomains����r3cKr/r0)rrr,�SECURE_HSTS_PRELOAD�W021r$rrr�check_sts_preload�r4r7cK� t�ptjdu}|r
gStgSr0)rr�SECURE_CONTENT_TYPE_NOSNIFF�W006r$rrr�check_content_type_nosniff���r;cKr8r0)rr�SECURE_SSL_REDIRECT�W008r$rrr�check_ssl_redirect�r<r?c	Ks\ztj}Wn
ttfyd}Ynwtt|��tko&t|�tko&|�t	�}|r+gSt
gS)NF)r�
SECRET_KEYr�AttributeError�len�set� SECRET_KEY_MIN_UNIQUE_CHARACTERS�SECRET_KEY_MIN_LENGTH�
startswith�SECRET_KEY_INSECURE_PREFIX�W009)r%r&�
secret_keyr'rrr�check_secret_key�s
�
�
�rJcKstj}|rgStgSr")r�DEBUG�W018r$rrr�check_debug�srMcKs t�ptjdk}|r
gStgS)N�DENY)rr�X_FRAME_OPTIONS�W019r$rrr�check_xframe_deny�r<rQcKstjrgStgSr")r�
ALLOWED_HOSTS�W020�r%r&rrr�check_allowed_hosts�srUcKsVt�r)tjdurtgSttjt�rdd�tj�d�D�}nttj�}|tks)t	gSgS)NcSsh|]}|���qSr)�strip)�.0�vrrr�	<setcomp>�sz(check_referrer_policy.<locals>.<setcomp>�,)
rr�SECURE_REFERRER_POLICY�W022�
isinstance�str�splitrC�REFERRER_POLICY_VALUES�E023)r%r&�valuesrrr�check_referrer_policy�s

rccKstjdvrtgSgS)N>�sha1�sha256)r�DEFAULT_HASHING_ALGORITHM�E100rTrrr�check_default_hashing_algorithm�s
rhN).�django.confr�django.core.exceptionsr�rrrrr`rGrErDr#r*r-r2r:r>rHrLrPrSr6r\�format�join�sortedrargrr�securityr(r+r.r3r7r;r?rJrMrQrUrcrhrrrr�<module>s��	�
�	�	�	�	��	�
��	�����