diff options
| author | Tim Graham <timograham@gmail.com> | 2016-12-31 13:24:00 -0500 |
|---|---|---|
| committer | Tim Graham <timograham@gmail.com> | 2017-01-17 20:52:04 -0500 |
| commit | d334f46b7a080fd3eb720141c19b37b10704a352 (patch) | |
| tree | eeea5a2a967c3078a58455b71cfa64dc8ead2fc6 /django/core/checks/security | |
| parent | 631f4ab06112aca5bd6a57b81159048f936050bf (diff) | |
Refs #26601 -- Removed support for old-style middleware using settings.MIDDLEWARE_CLASSES.
Diffstat (limited to 'django/core/checks/security')
| -rw-r--r-- | django/core/checks/security/base.py | 13 | ||||
| -rw-r--r-- | django/core/checks/security/csrf.py | 8 | ||||
| -rw-r--r-- | django/core/checks/security/sessions.py | 8 |
3 files changed, 11 insertions, 18 deletions
diff --git a/django/core/checks/security/base.py b/django/core/checks/security/base.py index f482f77153..bc804c53df 100644 --- a/django/core/checks/security/base.py +++ b/django/core/checks/security/base.py @@ -1,7 +1,6 @@ from django.conf import settings from .. import Tags, Warning, register -from ..utils import patch_middleware_message SECRET_KEY_MIN_LENGTH = 50 SECRET_KEY_MIN_UNIQUE_CHARACTERS = 5 @@ -109,25 +108,23 @@ W021 = Warning( def _security_middleware(): - return ("django.middleware.security.SecurityMiddleware" in settings.MIDDLEWARE_CLASSES or - settings.MIDDLEWARE and "django.middleware.security.SecurityMiddleware" in settings.MIDDLEWARE) + return 'django.middleware.security.SecurityMiddleware' in settings.MIDDLEWARE def _xframe_middleware(): - return ("django.middleware.clickjacking.XFrameOptionsMiddleware" in settings.MIDDLEWARE_CLASSES or - settings.MIDDLEWARE and "django.middleware.clickjacking.XFrameOptionsMiddleware" in settings.MIDDLEWARE) + return 'django.middleware.clickjacking.XFrameOptionsMiddleware' in settings.MIDDLEWARE @register(Tags.security, deploy=True) def check_security_middleware(app_configs, **kwargs): passed_check = _security_middleware() - return [] if passed_check else [patch_middleware_message(W001)] + return [] if passed_check else [W001] @register(Tags.security, deploy=True) def check_xframe_options_middleware(app_configs, **kwargs): passed_check = _xframe_middleware() - return [] if passed_check else [patch_middleware_message(W002)] + return [] if passed_check else [W002] @register(Tags.security, deploy=True) @@ -205,7 +202,7 @@ def check_xframe_deny(app_configs, **kwargs): not _xframe_middleware() or settings.X_FRAME_OPTIONS == 'DENY' ) - return [] if passed_check else [patch_middleware_message(W019)] + return [] if passed_check else [W019] @register(Tags.security, deploy=True) diff --git a/django/core/checks/security/csrf.py b/django/core/checks/security/csrf.py index d9dd47b3ea..75c9813e7f 100644 --- a/django/core/checks/security/csrf.py +++ b/django/core/checks/security/csrf.py @@ -1,7 +1,6 @@ from django.conf import settings from .. import Tags, Warning, register -from ..utils import patch_middleware_message W003 = Warning( "You don't appear to be using Django's built-in " @@ -22,14 +21,13 @@ W016 = Warning( def _csrf_middleware(): - return ("django.middleware.csrf.CsrfViewMiddleware" in settings.MIDDLEWARE_CLASSES or - settings.MIDDLEWARE and "django.middleware.csrf.CsrfViewMiddleware" in settings.MIDDLEWARE) + return 'django.middleware.csrf.CsrfViewMiddleware' in settings.MIDDLEWARE @register(Tags.security, deploy=True) def check_csrf_middleware(app_configs, **kwargs): passed_check = _csrf_middleware() - return [] if passed_check else [patch_middleware_message(W003)] + return [] if passed_check else [W003] @register(Tags.security, deploy=True) @@ -39,4 +37,4 @@ def check_csrf_cookie_secure(app_configs, **kwargs): not _csrf_middleware() or settings.CSRF_COOKIE_SECURE ) - return [] if passed_check else [patch_middleware_message(W016)] + return [] if passed_check else [W016] diff --git a/django/core/checks/security/sessions.py b/django/core/checks/security/sessions.py index bb361e7b50..1f31a167fa 100644 --- a/django/core/checks/security/sessions.py +++ b/django/core/checks/security/sessions.py @@ -1,7 +1,6 @@ from django.conf import settings from .. import Tags, Warning, register -from ..utils import patch_middleware_message def add_session_cookie_message(message): @@ -71,7 +70,7 @@ def check_session_cookie_secure(app_configs, **kwargs): if _session_app(): errors.append(W010) if _session_middleware(): - errors.append(patch_middleware_message(W011)) + errors.append(W011) if len(errors) > 1: errors = [W012] return errors @@ -84,15 +83,14 @@ def check_session_cookie_httponly(app_configs, **kwargs): if _session_app(): errors.append(W013) if _session_middleware(): - errors.append(patch_middleware_message(W014)) + errors.append(W014) if len(errors) > 1: errors = [W015] return errors def _session_middleware(): - return ("django.contrib.sessions.middleware.SessionMiddleware" in settings.MIDDLEWARE_CLASSES or - settings.MIDDLEWARE and "django.contrib.sessions.middleware.SessionMiddleware" in settings.MIDDLEWARE) + return 'django.contrib.sessions.middleware.SessionMiddleware' in settings.MIDDLEWARE def _session_app(): |
