summaryrefslogtreecommitdiff
path: root/django/core/checks/security
diff options
context:
space:
mode:
authorTim Graham <timograham@gmail.com>2016-12-31 13:24:00 -0500
committerTim Graham <timograham@gmail.com>2017-01-17 20:52:04 -0500
commitd334f46b7a080fd3eb720141c19b37b10704a352 (patch)
treeeeea5a2a967c3078a58455b71cfa64dc8ead2fc6 /django/core/checks/security
parent631f4ab06112aca5bd6a57b81159048f936050bf (diff)
Refs #26601 -- Removed support for old-style middleware using settings.MIDDLEWARE_CLASSES.
Diffstat (limited to 'django/core/checks/security')
-rw-r--r--django/core/checks/security/base.py13
-rw-r--r--django/core/checks/security/csrf.py8
-rw-r--r--django/core/checks/security/sessions.py8
3 files changed, 11 insertions, 18 deletions
diff --git a/django/core/checks/security/base.py b/django/core/checks/security/base.py
index f482f77153..bc804c53df 100644
--- a/django/core/checks/security/base.py
+++ b/django/core/checks/security/base.py
@@ -1,7 +1,6 @@
from django.conf import settings
from .. import Tags, Warning, register
-from ..utils import patch_middleware_message
SECRET_KEY_MIN_LENGTH = 50
SECRET_KEY_MIN_UNIQUE_CHARACTERS = 5
@@ -109,25 +108,23 @@ W021 = Warning(
def _security_middleware():
- return ("django.middleware.security.SecurityMiddleware" in settings.MIDDLEWARE_CLASSES or
- settings.MIDDLEWARE and "django.middleware.security.SecurityMiddleware" in settings.MIDDLEWARE)
+ return 'django.middleware.security.SecurityMiddleware' in settings.MIDDLEWARE
def _xframe_middleware():
- return ("django.middleware.clickjacking.XFrameOptionsMiddleware" in settings.MIDDLEWARE_CLASSES or
- settings.MIDDLEWARE and "django.middleware.clickjacking.XFrameOptionsMiddleware" in settings.MIDDLEWARE)
+ return 'django.middleware.clickjacking.XFrameOptionsMiddleware' in settings.MIDDLEWARE
@register(Tags.security, deploy=True)
def check_security_middleware(app_configs, **kwargs):
passed_check = _security_middleware()
- return [] if passed_check else [patch_middleware_message(W001)]
+ return [] if passed_check else [W001]
@register(Tags.security, deploy=True)
def check_xframe_options_middleware(app_configs, **kwargs):
passed_check = _xframe_middleware()
- return [] if passed_check else [patch_middleware_message(W002)]
+ return [] if passed_check else [W002]
@register(Tags.security, deploy=True)
@@ -205,7 +202,7 @@ def check_xframe_deny(app_configs, **kwargs):
not _xframe_middleware() or
settings.X_FRAME_OPTIONS == 'DENY'
)
- return [] if passed_check else [patch_middleware_message(W019)]
+ return [] if passed_check else [W019]
@register(Tags.security, deploy=True)
diff --git a/django/core/checks/security/csrf.py b/django/core/checks/security/csrf.py
index d9dd47b3ea..75c9813e7f 100644
--- a/django/core/checks/security/csrf.py
+++ b/django/core/checks/security/csrf.py
@@ -1,7 +1,6 @@
from django.conf import settings
from .. import Tags, Warning, register
-from ..utils import patch_middleware_message
W003 = Warning(
"You don't appear to be using Django's built-in "
@@ -22,14 +21,13 @@ W016 = Warning(
def _csrf_middleware():
- return ("django.middleware.csrf.CsrfViewMiddleware" in settings.MIDDLEWARE_CLASSES or
- settings.MIDDLEWARE and "django.middleware.csrf.CsrfViewMiddleware" in settings.MIDDLEWARE)
+ return 'django.middleware.csrf.CsrfViewMiddleware' in settings.MIDDLEWARE
@register(Tags.security, deploy=True)
def check_csrf_middleware(app_configs, **kwargs):
passed_check = _csrf_middleware()
- return [] if passed_check else [patch_middleware_message(W003)]
+ return [] if passed_check else [W003]
@register(Tags.security, deploy=True)
@@ -39,4 +37,4 @@ def check_csrf_cookie_secure(app_configs, **kwargs):
not _csrf_middleware() or
settings.CSRF_COOKIE_SECURE
)
- return [] if passed_check else [patch_middleware_message(W016)]
+ return [] if passed_check else [W016]
diff --git a/django/core/checks/security/sessions.py b/django/core/checks/security/sessions.py
index bb361e7b50..1f31a167fa 100644
--- a/django/core/checks/security/sessions.py
+++ b/django/core/checks/security/sessions.py
@@ -1,7 +1,6 @@
from django.conf import settings
from .. import Tags, Warning, register
-from ..utils import patch_middleware_message
def add_session_cookie_message(message):
@@ -71,7 +70,7 @@ def check_session_cookie_secure(app_configs, **kwargs):
if _session_app():
errors.append(W010)
if _session_middleware():
- errors.append(patch_middleware_message(W011))
+ errors.append(W011)
if len(errors) > 1:
errors = [W012]
return errors
@@ -84,15 +83,14 @@ def check_session_cookie_httponly(app_configs, **kwargs):
if _session_app():
errors.append(W013)
if _session_middleware():
- errors.append(patch_middleware_message(W014))
+ errors.append(W014)
if len(errors) > 1:
errors = [W015]
return errors
def _session_middleware():
- return ("django.contrib.sessions.middleware.SessionMiddleware" in settings.MIDDLEWARE_CLASSES or
- settings.MIDDLEWARE and "django.contrib.sessions.middleware.SessionMiddleware" in settings.MIDDLEWARE)
+ return 'django.contrib.sessions.middleware.SessionMiddleware' in settings.MIDDLEWARE
def _session_app():