import sys
|
|
|
|
from django.conf import settings
|
|
from django.core.checks import Error, Warning, register
|
|
|
|
|
|
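@register()
def security_settings_check(app_configs, **kwargs):
    """Report production-unsafe settings whenever ``DEBUG`` is disabled.

    Registered with Django's system-check framework, so it runs on every
    ``manage.py`` command that performs checks, not only ``check --deploy``.

    Args:
        app_configs: App configs selected by the check framework; unused,
            the checks only inspect global ``settings``.
        **kwargs: Extra keyword arguments supplied by the framework; unused.

    Returns:
        A list of ``Error``/``Warning`` messages. Empty when ``DEBUG`` is on,
        when the Django test runner is active and
        ``RUN_SECURITY_CHECKS_DURING_TESTS`` is falsy/undefined, or when all
        checked settings are acceptable.
    """
    # Keep production checks strict in normal runtime, but avoid blocking the
    # entire Django test runner before per-test overrides can take effect.
    # ``getattr`` with a default keeps a settings module that never defines the
    # opt-in flag from raising AttributeError on every test run; an undefined
    # flag is treated the same as an explicit "do not run during tests".
    if 'test' in sys.argv and not getattr(
        settings, 'RUN_SECURITY_CHECKS_DURING_TESTS', False
    ):
        return []

    # Every check below is conditional on DEBUG being off, so there is
    # nothing to report for a debug configuration.
    if settings.DEBUG:
        return []

    issues = []

    # The development fallback key must never reach a non-debug deployment.
    if settings.SECRET_KEY == 'unsafe-dev-key':
        issues.append(
            Error(
                'DJANGO_SECRET_KEY is using the development fallback while DEBUG is disabled.',
                id='workdock.E001',
            )
        )

    # Settings that must be truthy in production: (name, message, check id).
    # Order matters only for the order in which issues are reported.
    required_truthy = (
        (
            'ALLOWED_HOSTS',
            'ALLOWED_HOSTS must be configured when DEBUG is disabled.',
            'workdock.E002',
        ),
        (
            'SESSION_COOKIE_SECURE',
            'Secure session cookies must be enabled when DEBUG is disabled.',
            'workdock.E003',
        ),
        (
            'CSRF_COOKIE_SECURE',
            'Secure CSRF cookies must be enabled when DEBUG is disabled.',
            'workdock.E004',
        ),
    )
    for setting_name, message, check_id in required_truthy:
        if not getattr(settings, setting_name):
            issues.append(Error(message, id=check_id))

    # Only a warning: a deployment may terminate TLS at a proxy that already
    # enforces the redirect, so this is advisory rather than blocking.
    if not settings.SECURE_SSL_REDIRECT:
        issues.append(
            Warning(
                'SECURE_SSL_REDIRECT is disabled while DEBUG is off.',
                hint='Enable DJANGO_SECURE_SSL_REDIRECT=1 behind HTTPS-aware proxying.',
                id='workdock.W001',
            )
        )

    return issues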
|