django/core/checks/security/base.py +10 −0 @@ -95,6 +95,11 @@ W019 = Warning( id='security.W019', ) W020 = Warning( "ALLOWED_HOSTS must not be empty in deployment.", id='security.W020', ) def _security_middleware(): return "django.middleware.security.SecurityMiddleware" in settings.MIDDLEWARE_CLASSES @@ -182,3 +187,8 @@ def check_xframe_deny(app_configs, **kwargs): settings.X_FRAME_OPTIONS == 'DENY' ) return [] if passed_check else [W019] @register(Tags.security, deploy=True) def check_allowed_hosts(app_configs, **kwargs): return [] if settings.ALLOWED_HOSTS else [W020]
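Review bot: The truthiness test in `check_allowed_hosts` only catches an empty setting, so `ALLOWED_HOSTS = ['*']` passes the deploy check although the wildcard switches Host-header validation off and leaves that protection to whatever sits in front of Django. If not flagging the wildcard is intended, the function should say so, for example with a docstring `"""Warn with W020 when ALLOWED_HOSTS is empty; a '*' entry is deliberately not flagged."""`. Otherwise a second condition such as `'*' in settings.ALLOWED_HOSTS`, reported under a separate warning, would cover it. A case with `ALLOWED_HOSTS=['*']` in `CheckAllowedHostsTest` would pin whichever behaviour is chosen.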
docs/ref/checks.txt +1 −0 @@ -476,6 +476,7 @@ of the :djadmin:`check` command: ``'DENY'``. The default is ``'SAMEORIGIN'``, but unless there is a good reason for your site to serve other parts of itself in a frame, you should change it to ``'DENY'``. * **security.W020**: :setting:`ALLOWED_HOSTS` must not be empty in deployment. Sites -----
tests/check_framework/test_security.py +15 −0 @@ -482,3 +482,18 @@ class CheckDebugTest(SimpleTestCase): @override_settings(DEBUG=False) def test_debug_false(self): self.assertEqual(self.func(None), []) class CheckAllowedHostsTest(SimpleTestCase): @property def func(self): from django.core.checks.security.base import check_allowed_hosts return check_allowed_hosts @override_settings(ALLOWED_HOSTS=[]) def test_allowed_hosts_empty(self): self.assertEqual(self.func(None), [base.W020]) @override_settings(ALLOWED_HOSTS=['.example.com', ]) def test_allowed_hosts_set(self): self.assertEqual(self.func(None), [])