Vh# ddlmZddlmZddlmZmZmZmZhdZ hdZ dZ dZ d Z d e d e d e d ZeddZeddZeddZeddZeddZeddZeedzdZeddZedd Zed!d"Zed#d$Zed%d&Zed'd(j7d)j9ee d*+Zed,d(j7d)j9ee d-+Zeed.Z d/Z!d0Z"eejFd12d3Z$eejFd12d4Z%eejFd12d5Z&eejFd12d6Z'eejFd12d7Z(eejFd12d8Z)eejFd12d9Z*d:Z+eejFd12d;Z,eejFd12d<Z-eejFd12d=Z.eejFd12d>Z/eejFd12d?Z0eejFd12d@Z1eejFd12dAZ2yB)C)settings)ImproperlyConfigured)ErrorTagsWarningregister> unsafe-nonesame-origin-allow-popups same-origin> unsafe-url no-referrer strict-originorigin-when-cross-originno-referrer-when-downgradestrict-origin-when-cross-originoriginr zdjango-insecure-2zYour %s has less than z characters, less than z+ unique characters, or it's prefixed with 'z' indicating that it was generated automatically by Django. Please generate a long and random value, otherwise many of Django's security-critical features will be vulnerable to attack.zYou do not have 'django.middleware.security.SecurityMiddleware' in your MIDDLEWARE so the SECURE_HSTS_SECONDS, SECURE_CONTENT_TYPE_NOSNIFF, SECURE_REFERRER_POLICY, SECURE_CROSS_ORIGIN_OPENER_POLICY, and SECURE_SSL_REDIRECT settings will have no effect.z security.W001ida3You do not have 'django.middleware.clickjacking.XFrameOptionsMiddleware' in your MIDDLEWARE, so your pages will not be served with an 'x-frame-options' header. Unless there is a good reason for your site to be served in a frame, you should consider enabling this header to help prevent clickjacking attacks.z security.W002a,You have not set a value for the SECURE_HSTS_SECONDS setting. If your entire site is served only over SSL, you may want to consider setting a value and enabling HTTP Strict Transport Security. Be sure to read the documentation first; enabling HSTS carelessly can cause serious, irreversible problems.z security.W004aYou have not set the SECURE_HSTS_INCLUDE_SUBDOMAINS setting to True. Without this, your site is potentially vulnerable to attack via an insecure connection to a subdomain. Only set this to True if you are certain that all subdomains of your domain should be served exclusively via SSL.z security.W005zYour SECURE_CONTENT_TYPE_NOSNIFF setting is not set to True, so your pages will not be served with an 'X-Content-Type-Options: nosniff' header. You should consider enabling this header to prevent the browser from identifying content types incorrectly.z security.W006aYour SECURE_SSL_REDIRECT setting is not set to True. Unless your site should be available over both SSL and non-SSL connections, you may want to either set this setting True or configure a load balancer or reverse-proxy server to redirect all connections to HTTPS.z security.W008 SECRET_KEYz security.W009z4You should not have DEBUG set to True in deployment.z security.W018zYou have 'django.middleware.clickjacking.XFrameOptionsMiddleware' in your MIDDLEWARE, but X_FRAME_OPTIONS is not set to 'DENY'. Unless there is a good reason for your site to serve other parts of itself in a frame, you should change it to 'DENY'.z security.W019z.ALLOWED_HOSTS must not be empty in deployment.z security.W020zYou have not set the SECURE_HSTS_PRELOAD setting to True. Without this, your site cannot be submitted to the browser preload list.z security.W021zYou have not set the SECURE_REFERRER_POLICY setting. Without this, your site will not send a Referrer-Policy header. You should consider enabling this header to protect user privacy.z security.W022zDYou have set the SECURE_REFERRER_POLICY setting to an invalid value.zValid values are: {}.z, z security.E023)hintrzOYou have set the SECURE_CROSS_ORIGIN_OPENER_POLICY setting to an invalid value.z security.E024z security.W025c&dtjvS)Nz-django.middleware.security.SecurityMiddlewarer MIDDLEWAREP/home/dcms/DCMS/lib/python3.12/site-packages/django/core/checks/security/base.py_security_middlewarer s :h>Q>Q QQrc&dtjvS)Nz6django.middleware.clickjacking.XFrameOptionsMiddlewarerrrr_xframe_middlewarer"s@HDWDWWrT)deployc ,t}|rgStgSN)r W001 app_configskwargs passed_checks rcheck_security_middlewarer+s')L2)D6)rc ,t}|rgStgSr%)r"W002r's rcheck_xframe_options_middlewarer.s%'L2)D6)rc Rt xstj}|rgStgSr%)r rSECURE_HSTS_SECONDSW004r's r check_stsr2s'+--M1M1ML2)D6)rc |t xs%tj xstjdu}|rgStgSNT)r rr0SECURE_HSTS_INCLUDE_SUBDOMAINSW005r's rcheck_sts_include_subdomainsr7sG ! "" ;++ + ;  2 2d : 2)D6)rc |t xs%tj xstjdu}|rgStgSr4)r rr0SECURE_HSTS_PRELOADW021r's rcheck_sts_preloadr;sG ! "" 0++ + 0  ' '4 / 2)D6)rc Vt xstjdu}|rgStgSr4)r rSECURE_CONTENT_TYPE_NOSNIFFW006r's rcheck_content_type_nosniffr?s3 ! ""Rh&J&Jd&R2)D6)rc Vt xstjdu}|rgStgSr4)r rSECURE_SSL_REDIRECTW008r's rcheck_ssl_redirectrCs-+--U1M1MQU1UL2)D6)rctt|tk\xr*t|tk\xr|j t  Sr%)lenset SECRET_KEY_MIN_UNIQUE_CHARACTERSSECRET_KEY_MIN_LENGTH startswithSECRET_KEY_INSECURE_PREFIX) secret_keys r_check_secret_keyrLsD C O @@ B  O4 4 B%%&@A Arc ~ tj}t|}|rgSt gS#ttf$rd}YwxYw)NF)rrrLrAttributeErrorW009)r(r)rKr*s rcheck_secret_keyrPsH5(( )4 2)D6) !. 1 s (<<c g} tj}t|D]P\}}t|r|j t t jd|dzt jR|S#ttf$r?|j t t jdzt jY|SwxYw)NzSECRET_KEY_FALLBACKS[]rSECRET_KEY_FALLBACKS) rrS enumeraterLappendrW025msgrrrN)r(r)warnings fallbacksindexkeys rcheck_secret_key_fallbacksr\sH 11 $I. JE3$S)DHH)>ugQ'GGDGGT  O !. 1P+A AdggNO OPsA44A CCc :tj }|rgStgSr%)rDEBUGW018r's r check_debugr`s~~%L2)D6)rc Xt xstjdk(}|rgStgS)NDENY)r"rX_FRAME_OPTIONSW019r's rcheck_xframe_denyres,)++Qx/G/G6/QL2)D6)rc 4tjrgStgSr%)r ALLOWED_HOSTSW020r(r)s rcheck_allowed_hostsrjs''23dV3rc VtrtjtgSt tjt r;tjj dDchc]}|j}}nttj}|tkstgSgScc}w)N,) r rSECURE_REFERRER_POLICYW022 isinstancestrsplitstriprFREFERRER_POLICY_VALUESE023)r(r)vvaluess rcheck_referrer_policyrws  * * 26M h55s ;)1)H)H)N)Ns)STAaggiTFT889F//6M I Us!B&c ttr-tjtjtvrtgSgSr%)r r!SECURE_CROSS_ORIGIN_OPENER_POLICY!CROSS_ORIGIN_OPENER_POLICY_VALUESE024ris r check_cross_origin_opener_policyr|s5   6 6 B  6 60 1v IrN)3 django.confrdjango.core.exceptionsrrrrr rzrsrJrHrGSECRET_KEY_WARNING_MSGr&r-r1r6r>rBrOr_rdrhr:rnformatjoinsortedrtr{rVr r"securityr+r.r2r7r;r?rCrLrPr\r`rerjrwr|rrrrs 7--%! 0#$ 233J'() ' ()  3 0    :  ,  \) : 9  4 A 4  J ' ' &9O2P(Q R   ' ' &:;<  %/:R  $--%*&*  $--%*&*  $--%*&*  $--%*&* $--%*&* $--%*&* $--%*&*  $--%*&* $--% &  $--%*&*  $--%*&*  $--%4&4 $--% &  $--%&r