...

����Ӱ�h�#����������������������@���s���d�dl�mZ�d�dlmZ�ddlmZmZmZmZ�h�d�Z	h�d�Z
dZdZd	Z
d
e��de
��de��d
�Zeddd�Zeddd�Zeddd�Zeddd�Zeddd�Zeddd�Zeed�dd�Zeddd�Zedd d�Zed!d"d�Zed#d$d�Zed%d&d�Zed'd(�d)�ee
���d*d+�Zed,d(�d)�ee	���d-d+�Zeed.d�Z d/d0��Z!d1d2��Z"eej#d3d4�d5d6���Z$eej#d3d4�d7d8���Z%eej#d3d4�d9d:���Z&eej#d3d4�d;d<���Z'eej#d3d4�d=d>���Z(eej#d3d4�d?d@���Z)eej#d3d4�dAdB���Z*dCdD��Z+eej#d3d4�dEdF���Z,eej#d3d4�dGdH���Z-eej#d3d4�dIdJ���Z.eej#d3d4�dKdL���Z/eej#d3d4�dMdN���Z0eej#d3d4�dOdP���Z1eej#d3d4�dQdR���Z2dSS�)T�����)�settings)�ImproperlyConfigured����)�Error�Tags�Warning�register>���zsame-origin-allow-popups�same-originzunsafe-none>����originzorigin-when-cross-originzno-referrerz
unsafe-urlzstrict-origin-when-cross-originz
strict-originzno-referrer-when-downgrader	���zdjango-insecure-�2�������zYour %s has less than z characters, less than z+ unique characters, or it's prefixed with 'z�' indicating that it was generated automatically by Django. Please generate a long and random value, otherwise many of Django's security-critical features will be vulnerable to attack.z�You do not have 'django.middleware.security.SecurityMiddleware' in your MIDDLEWARE so the SECURE_HSTS_SECONDS, SECURE_CONTENT_TYPE_NOSNIFF, SECURE_REFERRER_POLICY, SECURE_CROSS_ORIGIN_OPENER_POLICY, and SECURE_SSL_REDIRECT settings will have no effect.z
security.W001��ida3��You do not have 'django.middleware.clickjacking.XFrameOptionsMiddleware' in your MIDDLEWARE, so your pages will not be served with an 'x-frame-options' header. Unless there is a good reason for your site to be served in a frame, you should consider enabling this header to help prevent clickjacking attacks.z
security.W002a,��You have not set a value for the SECURE_HSTS_SECONDS setting. If your entire site is served only over SSL, you may want to consider setting a value and enabling HTTP Strict Transport Security. Be sure to read the documentation first; enabling HSTS carelessly can cause serious, irreversible problems.z
security.W004a��You have not set the SECURE_HSTS_INCLUDE_SUBDOMAINS setting to True. Without this, your site is potentially vulnerable to attack via an insecure connection to a subdomain. Only set this to True if you are certain that all subdomains of your domain should be served exclusively via SSL.z
security.W005z�Your SECURE_CONTENT_TYPE_NOSNIFF setting is not set to True, so your pages will not be served with an 'X-Content-Type-Options: nosniff' header. You should consider enabling this header to prevent the browser from identifying content types incorrectly.z
security.W006a��Your SECURE_SSL_REDIRECT setting is not set to True. Unless your site should be available over both SSL and non-SSL connections, you may want to either set this setting True or configure a load balancer or reverse-proxy server to redirect all connections to HTTPS.z
security.W008�
SECRET_KEYz
security.W009z4You should not have DEBUG set to True in deployment.z
security.W018z�You have 'django.middleware.clickjacking.XFrameOptionsMiddleware' in your MIDDLEWARE, but X_FRAME_OPTIONS is not set to 'DENY'. Unless there is a good reason for your site to serve other parts of itself in a frame, you should change it to 'DENY'.z
security.W019z.ALLOWED_HOSTS must not be empty in deployment.z
security.W020z�You have not set the SECURE_HSTS_PRELOAD setting to True. Without this, your site cannot be submitted to the browser preload list.z
security.W021z�You have not set the SECURE_REFERRER_POLICY setting. Without this, your site will not send a Referrer-Policy header. You should consider enabling this header to protect user privacy.z
security.W022zDYou have set the SECURE_REFERRER_POLICY setting to an invalid value.zValid values are: {}.z, z
security.E023)�hintr���zOYou have set the SECURE_CROSS_ORIGIN_OPENER_POLICY setting to an invalid value.z
security.E024z
security.W025c�������������������C���s
���dt�jv�S�)Nz-django.middleware.security.SecurityMiddleware�r���Z
MIDDLEWARE��r���r����J/usr/local/lib/python3.9/site-packages/django/core/checks/security/base.py�_security_middleware����s����r���c�������������������C���s
���dt�jv�S�)Nz6django.middleware.clickjacking.XFrameOptionsMiddlewarer���r���r���r���r����_xframe_middleware����s�����r���T)Zdeployc�����������������K���s���t���}|rg�S�tgS��N)r����W001��app_configs�kwargs�passed_checkr���r���r����check_security_middleware����s����r���c�����������������K���s���t���}|rg�S�tgS�r���)r����W002r���r���r���r����check_xframe_options_middleware����s����r���c�����������������K���s���t����ptj}|rg�S�tgS�r���)r���r����SECURE_HSTS_SECONDS�W004r���r���r���r����	check_sts����s����r!���c�����������������K���s(���t����ptj�ptjdu�}|r"g�S�tgS��NT)r���r���r���ZSECURE_HSTS_INCLUDE_SUBDOMAINS�W005r���r���r���r����check_sts_include_subdomains����s������r$���c�����������������K���s(���t����ptj�ptjdu�}|r"g�S�tgS�r"���)r���r���r���ZSECURE_HSTS_PRELOAD�W021r���r���r���r����check_sts_preload����s������r&���c�����������������K���s ���t����ptjdu�}|rg�S�tgS�r"���)r���r���ZSECURE_CONTENT_TYPE_NOSNIFF�W006r���r���r���r����check_content_type_nosniff����s�����r(���c�����������������K���s ���t����ptjdu�}|rg�S�tgS�r"���)r���r���ZSECURE_SSL_REDIRECT�W008r���r���r���r����check_ssl_redirect����s����r*���c�����������������C���s(���t�t|���tko&t�|��tko&|��t��S�r���)�len�set� SECRET_KEY_MIN_UNIQUE_CHARACTERS�SECRET_KEY_MIN_LENGTH�
startswith�SECRET_KEY_INSECURE_PREFIX)�
secret_keyr���r���r����_check_secret_key����s
����
�
�r2���c��������������	���K���s<���z
t�j}W�n�ttfy$���d}Y�n
0�t|�}|r6g�S�tgS�)NF)r���r���r����AttributeErrorr2����W009)r���r���r1���r���r���r���r����check_secret_key����s����

r5���c��������������	���K���s����g�}z
t�j}W�n0�ttfy>���|�ttjd�tjd���Y�n>0�t	|�D�]2\}}t
|�sH|�ttjd|��d��tjd���qH|S�)N�SECRET_KEY_FALLBACKSr
���zSECRET_KEY_FALLBACKS[�])r���r6���r���r3����appendr����W025�msgr����	enumerater2���)r���r����warningsZ	fallbacks�index�keyr���r���r����check_secret_key_fallbacks����s����
 �r?���c�����������������K���s���t�j�}|rg�S�tgS�r���)r����DEBUG�W018r���r���r���r����check_debug����s����rB���c�����������������K���s ���t����ptjdk}|rg�S�tgS�)NZDENY)r���r���ZX_FRAME_OPTIONS�W019r���r���r���r����check_xframe_deny����s����rD���c�����������������K���s���t�jr
g�S�tgS�r���)r���Z
ALLOWED_HOSTS�W020�r���r���r���r���r����check_allowed_hosts����s����rG���c�����������������K���sV���t���rRtjd�u�rtgS�ttjt�r:dd��tj�d�D��}n
ttj�}|tksRt	gS�g�S�)Nc�����������������S���s���h�|�]}|�����qS�r���)�strip)�.0�vr���r���r����	<setcomp>
�������z(check_referrer_policy.<locals>.<setcomp>�,)
r���r���ZSECURE_REFERRER_POLICY�W022�
isinstance�str�splitr,����REFERRER_POLICY_VALUES�E023)r���r����valuesr���r���r����check_referrer_policy��s����

rU���c�����������������K���s$���t���r tjd�ur tjtvr tgS�g�S�r���)r���r���Z!SECURE_CROSS_ORIGIN_OPENER_POLICY�!CROSS_ORIGIN_OPENER_POLICY_VALUES�E024rF���r���r���r���� check_cross_origin_opener_policy��s��������rX���N)3Zdjango.confr���Zdjango.core.exceptionsr�����r���r���r���r���rV���rR���r0���r.���r-���ZSECRET_KEY_WARNING_MSGr���r���r ���r#���r'���r)���r4���rA���rC���rE���r%���rN����format�join�sortedrS���rW���r9���r���r����securityr���r���r!���r$���r&���r(���r*���r2���r5���r?���rB���rD���rG���rU���rX���r���r���r���r����<module>���s�������	�	�
�	�	�	�	���	������

.	Edit
..	Edit
__init__.cpython-39.pyc	Edit
base.cpython-39.pyc	Edit
csrf.cpython-39.pyc	Edit
sessions.cpython-39.pyc	Edit