LȂiD& SSKJr SSKJr SSKJrJrJrJr 1Skr 1Skr Sr Sr S r S \ S \ S \ S 3r\"SSS9r\"SSS9r\"SSS9r\"SSS9r\"SSS9r\"SSS9r\"\S-SS9r\"SSS9r\"SS S9r\"S!S"S9r\"S#S$S9r\"S%S&S9r\"S'S(R7S)R9\"\ 555S*S+9r\"S,S(R7S)R9\"\ 555S-S+9r\"\S.S9r \"S/S0S9r!S1r"S2r#\"\RHS3S49S55r%\"\RHS3S49S65r&\"\RHS3S49S75r'\"\RHS3S49S85r(\"\RHS3S49S95r)\"\RHS3S49S:5r*\"\RHS3S49S;5r+S<r,\"\RHS3S49S=5r-\"\RHS3S49S>5r.\"\RHS3S49S?5r/\"\RHS3S49S@5r0\"\RHS3S49SA5r1\"\RHS3S49SB5r2\"\RHS3S49SC5r3\"\RH5SD5r4gE)F)settings)ImproperlyConfigured)ErrorTagsWarningregister> same-origin unsafe-nonesame-origin-allow-popups>origin unsafe-url no-referrerr strict-originorigin-when-cross-originno-referrer-when-downgradestrict-origin-when-cross-originzdjango-insecure-2zYour %s has less than z characters, less than z+ unique characters, or it's prefixed with 'z' indicating that it was generated automatically by Django. Please generate a long and random value, otherwise many of Django's security-critical features will be vulnerable to attack.zYou do not have 'django.middleware.security.SecurityMiddleware' in your MIDDLEWARE so the SECURE_HSTS_SECONDS, SECURE_CONTENT_TYPE_NOSNIFF, SECURE_REFERRER_POLICY, SECURE_CROSS_ORIGIN_OPENER_POLICY, and SECURE_SSL_REDIRECT settings will have no effect.z security.W001ida3You do not have 'django.middleware.clickjacking.XFrameOptionsMiddleware' in your MIDDLEWARE, so your pages will not be served with an 'x-frame-options' header. Unless there is a good reason for your site to be served in a frame, you should consider enabling this header to help prevent clickjacking attacks.z security.W002a,You have not set a value for the SECURE_HSTS_SECONDS setting. If your entire site is served only over SSL, you may want to consider setting a value and enabling HTTP Strict Transport Security. Be sure to read the documentation first; enabling HSTS carelessly can cause serious, irreversible problems.z security.W004aYou have not set the SECURE_HSTS_INCLUDE_SUBDOMAINS setting to True. Without this, your site is potentially vulnerable to attack via an insecure connection to a subdomain. Only set this to True if you are certain that all subdomains of your domain should be served exclusively via SSL.z security.W005zYour SECURE_CONTENT_TYPE_NOSNIFF setting is not set to True, so your pages will not be served with an 'X-Content-Type-Options: nosniff' header. You should consider enabling this header to prevent the browser from identifying content types incorrectly.z security.W006aYour SECURE_SSL_REDIRECT setting is not set to True. Unless your site should be available over both SSL and non-SSL connections, you may want to either set this setting True or configure a load balancer or reverse-proxy server to redirect all connections to HTTPS.z security.W008 SECRET_KEYz security.W009z4You should not have DEBUG set to True in deployment.z security.W018zYou have 'django.middleware.clickjacking.XFrameOptionsMiddleware' in your MIDDLEWARE, but X_FRAME_OPTIONS is not set to 'DENY'. Unless there is a good reason for your site to serve other parts of itself in a frame, you should change it to 'DENY'.z security.W019z.ALLOWED_HOSTS must not be empty in deployment.z security.W020zYou have not set the SECURE_HSTS_PRELOAD setting to True. Without this, your site cannot be submitted to the browser preload list.z security.W021zYou have not set the SECURE_REFERRER_POLICY setting. Without this, your site will not send a Referrer-Policy header. You should consider enabling this header to protect user privacy.z security.W022zDYou have set the SECURE_REFERRER_POLICY setting to an invalid value.zValid values are: {}.z, z security.E023)hintrzOYou have set the SECURE_CROSS_ORIGIN_OPENER_POLICY setting to an invalid value.z security.E024z security.W025zOThe Content Security Policy setting '%s' must be a dictionary (got %r instead).z security.E026c(S[R;$)Nz-django.middleware.security.SecurityMiddlewarer MIDDLEWAREQD:\sksbv-state-backend\venv\Lib\site-packages\django/core/checks/security/base.py_security_middlewarer s :h>Q>Q QQrc(S[R;$)Nz6django.middleware.clickjacking.XFrameOptionsMiddlewarerrrr_xframe_middlewarer"s@HDWDWWrT)deployc 6[5nU(a/$[/$N)r W001 app_configskwargs passed_checks rcheck_security_middlewarer+s')L2)D6)rc 6[5nU(a/$[/$r%)r"W002r's rcheck_xframe_options_middlewarer.s%'L2)D6)rc n[5(+=(d [RnU(a/$[/$r%)r rSECURE_HSTS_SECONDSW004r's r check_stsr2s'+--M1M1ML2)D6)rc [5(+=(d. [R(+=(d [RSLnU(a/$[/$NT)r rr0SECURE_HSTS_INCLUDE_SUBDOMAINSW005r's rcheck_sts_include_subdomainsr7sG ! "" ;++ + ;  2 2d : 2)D6)rc [5(+=(d. [R(+=(d [RSLnU(a/$[/$r4)r rr0SECURE_HSTS_PRELOADW021r's rcheck_sts_preloadr;sG ! "" 0++ + 0  ' '4 / 2)D6)rc r[5(+=(d [RSLnU(a/$[/$r4)r rSECURE_CONTENT_TYPE_NOSNIFFW006r's rcheck_content_type_nosniffr?s3 ! ""Rh&J&Jd&R2)D6)rc r[5(+=(d [RSLnU(a/$[/$r4)r rSECURE_SSL_REDIRECTW008r's rcheck_ssl_redirectrCs-+--U1M1MQU1UL2)D6)rc[[U55[:=(a3 [U5[:=(a UR [ 5(+$r%)lenset SECRET_KEY_MIN_UNIQUE_CHARACTERSSECRET_KEY_MIN_LENGTH startswithSECRET_KEY_INSECURE_PREFIX) secret_keys r_check_secret_keyrLsD C O @@ B  O4 4 B%%&@A Arc [Rn[U5nU(a/$[ /$![[4a SnN$f=f)NF)rrrLrAttributeErrorW009)r(r)rKr*s rcheck_secret_keyrPsH5(( )4 2)D6) !. 1 s-AAc /n[Rn[U5HSupE[U5(aMUR [ [ RSUS3-[ RS95 MU U$![[4a< UR [ [ RS-[ RS95 U$f=f)NzSECRET_KEY_FALLBACKS[]rSECRET_KEY_FALLBACKS) rrS enumeraterLappendrW025msgrrrN)r(r)warnings fallbacksindexkeys rcheck_secret_key_fallbacksr\sH 11 $I.JE$S))DHH)>ugQ'GGDGGT/ O !. 1P+A AdggNO OPsA88ACCc L[R(+nU(a/$[/$r%)rDEBUGW018r's r check_debugr`s~~%L2)D6)rc t[5(+=(d [RS:HnU(a/$[/$)NDENY)r"rX_FRAME_OPTIONSW019r's rcheck_xframe_denyres,)++Qx/G/G6/QL2)D6)rc >[R(a/$[/$r%)r ALLOWED_HOSTSW020r(r)s rcheck_allowed_hostsrjs''23dV3rc p[5(a[Rc[/$[ [R[ 5(a<[RR S5Vs1sHo"R5iM nnO[[R5nU[::d[/$/$s snf)N,) r rSECURE_REFERRER_POLICYW022 isinstancestrsplitstriprFREFERRER_POLICY_VALUESE023)r(r)vvaluess rcheck_referrer_policyrws  * * 26M h55s ; ;)1)H)H)N)Ns)ST)SAggi)SFTF889F//6M I Us,B3c [5(a0[Rb[R[;a[/$/$r%)r r!SECURE_CROSS_ORIGIN_OPENER_POLICY!CROSS_ORIGIN_OPENER_POLICY_VALUESE024ris r check_cross_origin_opener_policyr|s8   6 6 B  6 60 1v Irc SVs/sHZn[[US5=ncM[U[5(aM0[ [ R X#4-[ RS9PM\ sn$s snf)z Validate that CSP settings are properly configured when enabled. Ensures both SECURE_CSP and SECURE_CSP_REPORT_ONLY are dictionaries. ) SECURE_CSPSECURE_CSP_REPORT_ONLYNr)getattrrrodictrE026rWr)r(r)namevalues rcheck_csp_settingsr$sc= rBrOr_rdrhr:rnformatjoinsortedrtr{rVrr r"securityr+r.r2r7r;r?rCrLrPr\r`rerjrwr|rrrrrs 7--%! 0#$ 233J'() ' ()  3 0    :  ,  \) : 9  4 A 4  J ' ' &9O2P(Q R   ' ' &:;<  %/: U R  $--%*&*  $--%*&*  $--%*&*  $--%*&* $--%*&* $--%*&* $--%*&*  $--%*&* $--% &  $--%*&*  $--%*&*  $--%4&4 $--% &  $--%& $--  r