ó ®â0_c@s°ddlmZddlmZmZmZddlmZdZdZ eddd ƒZ ed dd ƒZ ed dd ƒZ edddƒZ edddƒZedddƒZedddƒZedied6e d6ddƒZedddƒZedddƒZedddƒZed dd!ƒZd"„Zd#„Zeejd$eƒd%„ƒZeejd$eƒd&„ƒZeejd$eƒd'„ƒZeejd$eƒd(„ƒZeejd$eƒd)„ƒZeejd$eƒd*„ƒZeejd$eƒd+„ƒZ eejd$eƒd,„ƒZ!eejd$eƒd-„ƒZ"eejd$eƒd.„ƒZ#eejd$eƒd/„ƒZ$eejd$eƒd0„ƒZ%d1S(2iÿÿÿÿ(tsettingsi(tTagstWarningtregister(tpatch_middleware_messagei2isÜYou do not have 'django.middleware.security.SecurityMiddleware' in your MIDDLEWARE so the SECURE_HSTS_SECONDS, SECURE_CONTENT_TYPE_NOSNIFF, SECURE_BROWSER_XSS_FILTER, and SECURE_SSL_REDIRECT settings will have no effect.tids security.W001s3You do not have 'django.middleware.clickjacking.XFrameOptionsMiddleware' in your MIDDLEWARE, so your pages will not be served with an 'x-frame-options' header. Unless there is a good reason for your site to be served in a frame, you should consider enabling this header to help prevent clickjacking attacks.s security.W002s,You have not set a value for the SECURE_HSTS_SECONDS setting. If your entire site is served only over SSL, you may want to consider setting a value and enabling HTTP Strict Transport Security. Be sure to read the documentation first; enabling HSTS carelessly can cause serious, irreversible problems.s security.W004sYou have not set the SECURE_HSTS_INCLUDE_SUBDOMAINS setting to True. Without this, your site is potentially vulnerable to attack via an insecure connection to a subdomain. Only set this to True if you are certain that all subdomains of your domain should be served exclusively via SSL.s security.W005sûYour SECURE_CONTENT_TYPE_NOSNIFF setting is not set to True, so your pages will not be served with an 'x-content-type-options: nosniff' header. You should consider enabling this header to prevent the browser from identifying content types incorrectly.s security.W006süYour SECURE_BROWSER_XSS_FILTER setting is not set to True, so your pages will not be served with an 'x-xss-protection: 1; mode=block' header. You should consider enabling this header to activate the browser's XSS filtering and help prevent XSS attacks.s security.W007sYour SECURE_SSL_REDIRECT setting is not set to True. Unless your site should be available over both SSL and non-SSL connections, you may want to either set this setting True or configure a load balancer or reverse-proxy server to redirect all connections to HTTPS.s security.W008sîYour SECRET_KEY has less than %(min_length)s characters or less than %(min_unique_chars)s unique characters. Please generate a long and random SECRET_KEY, otherwise many of Django's security-critical features will be vulnerable to attack.t min_lengthtmin_unique_charss security.W009s4You should not have DEBUG set to True in deployment.s security.W018sYou have 'django.middleware.clickjacking.XFrameOptionsMiddleware' in your MIDDLEWARE, but X_FRAME_OPTIONS is not set to 'DENY'. The default is 'SAMEORIGIN', but unless there is a good reason for your site to serve other parts of itself in a frame, you should change it to 'DENY'.s security.W019s.ALLOWED_HOSTS must not be empty in deployment.s security.W020s‚You have not set the SECURE_HSTS_PRELOAD setting to True. Without this, your site cannot be submitted to the browser preload list.s security.W021cCs%dtjkp$tjo$dtjkS(Ns-django.middleware.security.SecurityMiddleware(RtMIDDLEWARE_CLASSESt MIDDLEWARE(((sB/tmp/pip-unpacked-wheel-BAJOf3/django/core/checks/security/base.pyt_security_middlewareoscCs%dtjkp$tjo$dtjkS(Ns6django.middleware.clickjacking.XFrameOptionsMiddleware(RRR (((sB/tmp/pip-unpacked-wheel-BAJOf3/django/core/checks/security/base.pyt_xframe_middlewaretstdeploycKs tƒ}|rgSttƒgS(N(R RtW001(t app_configstkwargst passed_check((sB/tmp/pip-unpacked-wheel-BAJOf3/django/core/checks/security/base.pytcheck_security_middlewareys cKs tƒ}|rgSttƒgS(N(R RtW002(RRR((sB/tmp/pip-unpacked-wheel-BAJOf3/django/core/checks/security/base.pytcheck_xframe_options_middlewares cKs$tƒ ptj}|rgStgS(N(R RtSECURE_HSTS_SECONDStW004(RRR((sB/tmp/pip-unpacked-wheel-BAJOf3/django/core/checks/security/base.pyt check_sts…scKs4tƒ p tj p tjtk}|r-gStgS(N(R RRtSECURE_HSTS_INCLUDE_SUBDOMAINStTruetW005(RRR((sB/tmp/pip-unpacked-wheel-BAJOf3/django/core/checks/security/base.pytcheck_sts_include_subdomains‹s  cKs4tƒ p tj p tjtk}|r-gStgS(N(R RRtSECURE_HSTS_PRELOADRtW021(RRR((sB/tmp/pip-unpacked-wheel-BAJOf3/django/core/checks/security/base.pytcheck_sts_preload•s  cKs*tƒ ptjtk}|r#gStgS(N(R RtSECURE_CONTENT_TYPE_NOSNIFFRtW006(RRR((sB/tmp/pip-unpacked-wheel-BAJOf3/django/core/checks/security/base.pytcheck_content_type_nosniffŸs cKs*tƒ ptjtk}|r#gStgS(N(R RtSECURE_BROWSER_XSS_FILTERRtW007(RRR((sB/tmp/pip-unpacked-wheel-BAJOf3/django/core/checks/security/base.pytcheck_xss_filter¨s cKs*tƒ ptjtk}|r#gStgS(N(R RtSECURE_SSL_REDIRECTRtW008(RRR((sB/tmp/pip-unpacked-wheel-BAJOf3/django/core/checks/security/base.pytcheck_ssl_redirect±s cKsSttddƒo?tttjƒƒtko?ttjƒtk}|rLgStgS(Nt SECRET_KEY( tgetattrRtNonetlentsetR't SECRET_KEY_MIN_UNIQUE_CHARACTERStSECRET_KEY_MIN_LENGTHtW009(RRR((sB/tmp/pip-unpacked-wheel-BAJOf3/django/core/checks/security/base.pytcheck_secret_keyºscKstj }|rgStgS(N(RtDEBUGtW018(RRR((sB/tmp/pip-unpacked-wheel-BAJOf3/django/core/checks/security/base.pyt check_debugÄs cKs0tƒ ptjdk}|r#gSttƒgS(NtDENY(R RtX_FRAME_OPTIONSRtW019(RRR((sB/tmp/pip-unpacked-wheel-BAJOf3/django/core/checks/security/base.pytcheck_xframe_denyÊs cKstjr gStgS(N(Rt ALLOWED_HOSTStW020(RR((sB/tmp/pip-unpacked-wheel-BAJOf3/django/core/checks/security/base.pytcheck_allowed_hostsÓsN(&t django.confRtRRRtutilsRR-R,R RRRRR"R%R.R1R5R8RR R tsecurityRRRRRRR R#R&R/R2R6R9(((sB/tmp/pip-unpacked-wheel-BAJOf3/django/core/checks/security/base.pytsr