df# ddlmZddlmZddlmZmZmZmZhdZ hdZ dZ dZ d Z d e d e d e d ZeddZeddZeddZeddZeddZeddZeedzdZeddZedd Zed!d"Zed#d$Zed%d&Zed'd(d)ee d*+Zed,d(d)ee d-+Zeed.Z d/Z!d0Z"eej#d12d3Z$eej#d12d4Z%eej#d12d5Z&eej#d12d6Z'eej#d12d7Z(eej#d12d8Z)eej#d12d9Z*d:Z+eej#d12d;Z,eej#d12d<Z-eej#d12d=Z.eej#d12d>Z/eej#d12d?Z0eej#d12d@Z1eej#d12dAZ2dBS)C)settings)ImproperlyConfigured)ErrorTagsWarningregister> unsafe-nonesame-origin-allow-popups same-origin> unsafe-url no-referrer strict-originorigin-when-cross-originno-referrer-when-downgradestrict-origin-when-cross-originoriginr zdjango-insecure-2zYour %s has less than z characters, less than z+ unique characters, or it's prefixed with 'z' indicating that it was generated automatically by Django. Please generate a long and random value, otherwise many of Django's security-critical features will be vulnerable to attack.zYou do not have 'django.middleware.security.SecurityMiddleware' in your MIDDLEWARE so the SECURE_HSTS_SECONDS, SECURE_CONTENT_TYPE_NOSNIFF, SECURE_REFERRER_POLICY, SECURE_CROSS_ORIGIN_OPENER_POLICY, and SECURE_SSL_REDIRECT settings will have no effect.z security.W001ida3You do not have 'django.middleware.clickjacking.XFrameOptionsMiddleware' in your MIDDLEWARE, so your pages will not be served with an 'x-frame-options' header. Unless there is a good reason for your site to be served in a frame, you should consider enabling this header to help prevent clickjacking attacks.z security.W002a,You have not set a value for the SECURE_HSTS_SECONDS setting. If your entire site is served only over SSL, you may want to consider setting a value and enabling HTTP Strict Transport Security. Be sure to read the documentation first; enabling HSTS carelessly can cause serious, irreversible problems.z security.W004aYou have not set the SECURE_HSTS_INCLUDE_SUBDOMAINS setting to True. Without this, your site is potentially vulnerable to attack via an insecure connection to a subdomain. Only set this to True if you are certain that all subdomains of your domain should be served exclusively via SSL.z security.W005zYour SECURE_CONTENT_TYPE_NOSNIFF setting is not set to True, so your pages will not be served with an 'X-Content-Type-Options: nosniff' header. You should consider enabling this header to prevent the browser from identifying content types incorrectly.z security.W006aYour SECURE_SSL_REDIRECT setting is not set to True. Unless your site should be available over both SSL and non-SSL connections, you may want to either set this setting True or configure a load balancer or reverse-proxy server to redirect all connections to HTTPS.z security.W008 SECRET_KEYz security.W009z4You should not have DEBUG set to True in deployment.z security.W018zYou have 'django.middleware.clickjacking.XFrameOptionsMiddleware' in your MIDDLEWARE, but X_FRAME_OPTIONS is not set to 'DENY'. Unless there is a good reason for your site to serve other parts of itself in a frame, you should change it to 'DENY'.z security.W019z.ALLOWED_HOSTS must not be empty in deployment.z security.W020zYou have not set the SECURE_HSTS_PRELOAD setting to True. Without this, your site cannot be submitted to the browser preload list.z security.W021zYou have not set the SECURE_REFERRER_POLICY setting. Without this, your site will not send a Referrer-Policy header. You should consider enabling this header to protect user privacy.z security.W022zDYou have set the SECURE_REFERRER_POLICY setting to an invalid value.zValid values are: {}.z, z security.E023)hintrzOYou have set the SECURE_CROSS_ORIGIN_OPENER_POLICY setting to an invalid value.z security.E024z security.W025cdtjvS)Nz-django.middleware.security.SecurityMiddlewarer MIDDLEWARE\D:\Python Project\djangoTemplates\venv\Lib\site-packages\django/core/checks/security/base.py_security_middlewarer s :h>Q QQrcdtjvS)Nz6django.middleware.clickjacking.XFrameOptionsMiddlewarerrrr_xframe_middlewarer"s@HDWWrT)deployc 6t}|rgntgSN)r W001 app_configskwargs passed_checks rcheck_security_middlewarer+s'))L )22D6)rc 6t}|rgntgSr%)r"W002r's rcheck_xframe_options_middlewarer.s%''L )22D6)rc Pt p tj}|rgntgSr%)r rSECURE_HSTS_SECONDSW004r's r check_stsr2s)+---M1ML )22D6)rc nt ptj p tjdu}|rgntgSNT)r rr0SECURE_HSTS_INCLUDE_SUBDOMAINSW005r's rcheck_sts_include_subdomainsr7sF ! " "" ;+ + ;  2d :  )22D6)rc nt ptj p tjdu}|rgntgSr4)r rr0SECURE_HSTS_PRELOADW021r's rcheck_sts_preloadr;sF ! " "" 0+ + 0  '4 /  )22D6)rc Tt p tjdu}|rgntgSr4)r rSECURE_CONTENT_TYPE_NOSNIFFW006r's rcheck_content_type_nosniffr?s5 ! " ""Rh&Jd&R )22D6)rc Tt p tjdu}|rgntgSr4)r rSECURE_SSL_REDIRECTW008r's rcheck_ssl_redirectrCs/+---U1MQU1UL )22D6)rctt|tko2t|tko|t  Sr%)lenset SECRET_KEY_MIN_UNIQUE_CHARACTERSSECRET_KEY_MIN_LENGTH startswithSECRET_KEY_INSECURE_PREFIX) secret_keys r_check_secret_keyrLsN C OO @@ B  OO4 4 B%%&@AA Arc tj}t|}n#ttf$rd}YnwxYw|rgnt gS)NF)rrrLrAttributeErrorW009)r(r)rKr*s rcheck_secret_keyrPs^5( )44  !. 1  )22D6)s 44c g} tj}t|D]S\}}t|s?|t t jd|dzt jTnR#ttf$r>|t t jdzt jYnwxYw|S)NzSECRET_KEY_FALLBACKS[]rSECRET_KEY_FALLBACKS) rrS enumeraterLappendrW025msgrrrN)r(r)warnings fallbacksindexkeys rcheck_secret_key_fallbacksr\sH 1 $I..  JE3$S)) DH'Gu'G'G'GGDGTTT  !. 1PPP+A AdgNNNOOOOOP Os A44A CCc 4tj }|rgntgSr%)rDEBUGW018r's r check_debugr`s~%L )22D6)rc Xt ptjdk}|rgntgS)NDENY)r"rX_FRAME_OPTIONSW019r's rcheck_xframe_denyres.)+++Qx/G6/QL )22D6)rc .tjrgntgSr%)r ALLOWED_HOSTSW020r(r)s rcheck_allowed_hostsrjs' 322dV3rc 4trtjtgSt tjt r*dtjdD}nttj}|tkstgSgS)Nc6h|]}|Sr)strip).0vs r z(check_referrer_policy.. s TTTAaggiiTTTr,) r rSECURE_REFERRER_POLICYW022 isinstancestrsplitrFREFERRER_POLICY_VALUESE023)r(r)valuess rcheck_referrer_policyrzs   * 26M h5s ; ; :TT)H)N)Ns)S)STTTFF899F///6M Irc ptr'tjtjtvrtgSgSr%)r r!SECURE_CROSS_ORIGIN_OPENER_POLICY!CROSS_ORIGIN_OPENER_POLICY_VALUESE024ris r check_cross_origin_opener_policyrs<   6 B  60 1 1v IrN)3 django.confrdjango.core.exceptionsrrrrr r}rwrJrHrGSECRET_KEY_WARNING_MSGr&r-r1r6r>rBrOr_rdrhr:rsformatjoinsortedrxr~rVr r"securityr+r.r2r7r;r?rCrLrPr\r`rerjrzrrrrrs 777777------------%%%!   0#$ 2' 'w  w3 w0  w  w:  w,  w\) w: w9  w4 wA w4  uJ ' ' &&9O2P2P(Q(Q R R  u ' ' &&:;;<<   w%/:::RRR  $-%%%**&%*  $-%%%**&%*  $-%%%**&%*  $-%%%**&%* $-%%%**&%* $-%%%**&%* $-%%%**&%*  $-%%%**&%* $-%%%  &%  $-%%%**&%*  $-%%%**&%*  $-%%%44&%4 $-%%%  &%  $-%%%&%r