o a@sddlZddlmZddlmZmZmZmZedddZedd dZ d d Z eej d d ddZ eej d d ddZ eej ddZdS)N)settings)ErrorTagsWarningregisteraYou don't appear to be using Django's built-in cross-site request forgery protection via the middleware ('django.middleware.csrf.CsrfViewMiddleware' is not in your MIDDLEWARE). Enabling the middleware is the safest approach to ensure you don't leave any holes.z security.W003idzYou have 'django.middleware.csrf.CsrfViewMiddleware' in your MIDDLEWARE, but you have not set CSRF_COOKIE_SECURE to True. Using a secure-only CSRF cookie makes it more difficult for network traffic sniffers to steal the CSRF token.z security.W016cCs dtjvS)Nz)django.middleware.csrf.CsrfViewMiddleware)r MIDDLEWAREr r B/usr/lib/python3/dist-packages/django/core/checks/security/csrf.py_csrf_middlewares r T)deploycKst}|rgStgSN)r W003 app_configskwargs passed_checkr r r check_csrf_middlewaresrcKs"tjp t p tj}|rgStgSr)rCSRF_USE_SESSIONSr CSRF_COOKIE_SECUREW016rr r r check_csrf_cookie_secure#s rc Ksddlm}g}z|}Wnty%dtj}|t|ddY|Swz t|j dddW|St yKdtj}|t|ddY|Sw) Nr)_get_failure_viewz1The CSRF failure view '%s' could not be imported.z security.E102r)reasonzIThe CSRF failure view '%s' does not take the correct number of arguments.z security.E101) django.middleware.csrfr ImportErrorrCSRF_FAILURE_VIEWappendrinspect signaturebind TypeError)rrrerrorsviewmsgr r r check_csrf_failure_view-s.     r')r django.confrrrrrrrr securityrrr'r r r r s$