2014-01-20 02:45:21 +00:00
|
|
|
|
======================
|
|
|
|
|
System check framework
|
|
|
|
|
======================
|
|
|
|
|
|
2015-07-28 13:31:44 +00:00
|
|
|
|
.. currentmodule:: django.core.checks
|
|
|
|
|
|
2014-01-20 02:45:21 +00:00
|
|
|
|
The system check framework is a set of static checks for validating Django
|
|
|
|
|
projects. It detects common problems and provides hints for how to fix them.
|
|
|
|
|
The framework is extensible so you can easily add your own checks.
|
|
|
|
|
|
2014-09-29 21:43:16 +00:00
|
|
|
|
For details on how to add your own checks and integrate them with Django's
|
2014-03-03 10:56:11 +00:00
|
|
|
|
system checks, see the :doc:`System check topic guide </topics/checks>`.
|
|
|
|
|
|
2017-01-05 00:53:23 +00:00
|
|
|
|
API reference
|
2015-07-28 13:31:44 +00:00
|
|
|
|
=============
|
|
|
|
|
|
|
|
|
|
``CheckMessage``
|
2017-03-20 22:30:32 +00:00
|
|
|
|
----------------
|
2015-07-28 13:31:44 +00:00
|
|
|
|
|
2016-02-12 16:36:46 +00:00
|
|
|
|
.. class:: CheckMessage(level, msg, hint=None, obj=None, id=None)
|
2015-07-28 13:31:44 +00:00
|
|
|
|
|
|
|
|
|
The warnings and errors raised by system checks must be instances of
|
|
|
|
|
``CheckMessage``. An instance encapsulates a single reportable error or
|
|
|
|
|
warning. It also provides context and hints applicable to the message, and a
|
|
|
|
|
unique identifier that is used for filtering purposes.
|
|
|
|
|
|
|
|
|
|
Constructor arguments are:
|
|
|
|
|
|
|
|
|
|
``level``
|
|
|
|
|
The severity of the message. Use one of the predefined values: ``DEBUG``,
|
|
|
|
|
``INFO``, ``WARNING``, ``ERROR``, ``CRITICAL``. If the level is greater or
|
|
|
|
|
equal to ``ERROR``, then Django will prevent management commands from
|
|
|
|
|
executing. Messages with level lower than ``ERROR`` (i.e. warnings) are
|
|
|
|
|
reported to the console, but can be silenced.
|
|
|
|
|
|
|
|
|
|
``msg``
|
|
|
|
|
A short (less than 80 characters) string describing the problem. The string
|
|
|
|
|
should *not* contain newlines.
|
|
|
|
|
|
|
|
|
|
``hint``
|
|
|
|
|
A single-line string providing a hint for fixing the problem. If no hint
|
|
|
|
|
can be provided, or the hint is self-evident from the error message, the
|
|
|
|
|
hint can be omitted, or a value of ``None`` can be used.
|
|
|
|
|
|
|
|
|
|
``obj``
|
|
|
|
|
Optional. An object providing context for the message (for example, the
|
|
|
|
|
model where the problem was discovered). The object should be a model,
|
2017-01-18 16:51:29 +00:00
|
|
|
|
field, or manager or any other object that defines a ``__str__()`` method.
|
|
|
|
|
The method is used while reporting all messages and its result precedes the
|
|
|
|
|
message.
|
2015-07-28 13:31:44 +00:00
|
|
|
|
|
|
|
|
|
``id``
|
|
|
|
|
Optional string. A unique identifier for the issue. Identifiers should
|
|
|
|
|
follow the pattern ``applabel.X001``, where ``X`` is one of the letters
|
|
|
|
|
``CEWID``, indicating the message severity (``C`` for criticals, ``E`` for
|
|
|
|
|
errors and so). The number can be allocated by the application, but should
|
|
|
|
|
be unique within that application.
|
|
|
|
|
|
|
|
|
|
There are subclasses to make creating messages with common levels easier. When
|
|
|
|
|
using them you can omit the ``level`` argument because it is implied by the
|
|
|
|
|
class name.
|
|
|
|
|
|
2016-02-12 16:36:46 +00:00
|
|
|
|
.. class:: Debug(msg, hint=None, obj=None, id=None)
|
|
|
|
|
.. class:: Info(msg, hint=None, obj=None, id=None)
|
|
|
|
|
.. class:: Warning(msg, hint=None obj=None, id=None)
|
|
|
|
|
.. class:: Error(msg, hint=None, obj=None, id=None)
|
|
|
|
|
.. class:: Critical(msg, hint=None, obj=None, id=None)
|
2015-07-28 13:31:44 +00:00
|
|
|
|
|
2016-01-12 01:59:34 +00:00
|
|
|
|
.. _system-check-builtin-tags:
|
|
|
|
|
|
2014-03-03 10:56:11 +00:00
|
|
|
|
Builtin tags
|
2017-01-05 00:53:23 +00:00
|
|
|
|
============
|
2014-03-03 10:56:11 +00:00
|
|
|
|
|
|
|
|
|
Django's system checks are organized using the following tags:
|
|
|
|
|
|
|
|
|
|
* ``admin``: Checks of any admin site declarations.
|
2020-03-20 20:20:48 +00:00
|
|
|
|
* ``async_support``: Checks asynchronous-related configuration.
|
2015-09-02 12:20:46 +00:00
|
|
|
|
* ``caches``: Checks cache related configuration.
|
2017-01-05 00:53:23 +00:00
|
|
|
|
* ``compatibility``: Flags potential problems with version upgrades.
|
2016-03-19 11:15:09 +00:00
|
|
|
|
* ``database``: Checks database-related configuration issues. Database checks
|
|
|
|
|
are not run by default because they do more than static code analysis as
|
|
|
|
|
regular checks do. They are only run by the :djadmin:`migrate` command or if
|
2020-02-07 07:46:13 +00:00
|
|
|
|
you specify configured database aliases using the ``--database`` option when
|
|
|
|
|
calling the :djadmin:`check` command.
|
2021-01-20 16:12:24 +00:00
|
|
|
|
* ``files``: Checks files related configuration.
|
2017-01-05 00:53:23 +00:00
|
|
|
|
* ``models``: Checks of model, field, and manager definitions.
|
|
|
|
|
* ``security``: Checks security related configuration.
|
|
|
|
|
* ``signals``: Checks on signal declarations and handler registrations.
|
2020-07-23 06:18:58 +00:00
|
|
|
|
* ``sites``: Checks :mod:`django.contrib.sites` configuration.
|
2017-01-02 22:35:43 +00:00
|
|
|
|
* ``staticfiles``: Checks :mod:`django.contrib.staticfiles` configuration.
|
2017-01-05 00:53:23 +00:00
|
|
|
|
* ``templates``: Checks template related configuration.
|
2018-09-06 11:49:25 +00:00
|
|
|
|
* ``translation``: Checks translation related configuration.
|
2017-01-05 00:53:23 +00:00
|
|
|
|
* ``urls``: Checks URL configuration.
|
2014-03-03 10:56:11 +00:00
|
|
|
|
|
|
|
|
|
Some checks may be registered with multiple tags.
|
|
|
|
|
|
|
|
|
|
Core system checks
|
2017-01-05 00:53:23 +00:00
|
|
|
|
==================
|
2014-03-03 10:56:11 +00:00
|
|
|
|
|
2020-03-20 20:20:48 +00:00
|
|
|
|
Asynchronous support
|
|
|
|
|
--------------------
|
|
|
|
|
|
|
|
|
|
The following checks verify your setup for :doc:`/topics/async`:
|
|
|
|
|
|
2020-04-30 10:12:05 +00:00
|
|
|
|
* **async.E001**: You should not set the :envvar:`DJANGO_ALLOW_ASYNC_UNSAFE`
|
2020-03-20 20:20:48 +00:00
|
|
|
|
environment variable in deployment. This disables :ref:`async safety
|
|
|
|
|
protection <async-safety>`.
|
|
|
|
|
|
2017-01-05 00:53:23 +00:00
|
|
|
|
Backwards compatibility
|
|
|
|
|
-----------------------
|
2014-03-03 10:56:11 +00:00
|
|
|
|
|
2017-10-30 16:39:42 +00:00
|
|
|
|
Compatibility checks warn of potential problems that might occur after
|
|
|
|
|
upgrading Django.
|
|
|
|
|
|
2017-11-07 16:39:59 +00:00
|
|
|
|
* **2_0.W001**: Your URL pattern ``<pattern>`` has a ``route`` that contains
|
|
|
|
|
``(?P<``, begins with a ``^``, or ends with a ``$``. This was likely an
|
|
|
|
|
oversight when migrating from ``url()`` to :func:`~django.urls.path`.
|
2021-01-13 00:55:02 +00:00
|
|
|
|
* **4_0.E001**: As of Django 4.0, the values in the
|
|
|
|
|
:setting:`CSRF_TRUSTED_ORIGINS` setting must start with a scheme (usually
|
|
|
|
|
``http://`` or ``https://``) but found ``<hostname>``.
|
2017-01-05 00:53:23 +00:00
|
|
|
|
|
|
|
|
|
Caches
|
|
|
|
|
------
|
2014-03-03 10:56:11 +00:00
|
|
|
|
|
2017-01-05 00:53:23 +00:00
|
|
|
|
The following checks verify that your :setting:`CACHES` setting is correctly
|
|
|
|
|
configured:
|
|
|
|
|
|
|
|
|
|
* **caches.E001**: You must define a ``'default'`` cache in your
|
|
|
|
|
:setting:`CACHES` setting.
|
2020-10-26 16:01:03 +00:00
|
|
|
|
* **caches.W002**: Your ``<cache>`` configuration might expose your cache or
|
|
|
|
|
lead to corruption of your data because its
|
|
|
|
|
:setting:`LOCATION <CACHES-LOCATION>` matches/is inside/contains
|
|
|
|
|
:setting:`MEDIA_ROOT`/:setting:`STATIC_ROOT`/:setting:`STATICFILES_DIRS`.
|
2020-11-08 14:57:51 +00:00
|
|
|
|
* **caches.W003**: Your ``<cache>`` cache :setting:`LOCATION <CACHES-LOCATION>`
|
|
|
|
|
is relative. Use an absolute path instead.
|
2017-01-05 00:53:23 +00:00
|
|
|
|
|
|
|
|
|
Database
|
|
|
|
|
--------
|
|
|
|
|
|
2020-03-19 08:42:04 +00:00
|
|
|
|
MySQL and MariaDB
|
|
|
|
|
~~~~~~~~~~~~~~~~~
|
2017-01-05 00:53:23 +00:00
|
|
|
|
|
2020-03-19 08:42:04 +00:00
|
|
|
|
If you're using MySQL or MariaDB, the following checks will be performed:
|
2017-01-05 00:53:23 +00:00
|
|
|
|
|
2020-03-19 08:42:04 +00:00
|
|
|
|
* **mysql.E001**: MySQL/MariaDB does not allow unique ``CharField``\s to have a
|
2020-02-08 16:51:31 +00:00
|
|
|
|
``max_length`` > 255. *This check was changed to* ``mysql.W003`` *in Django
|
|
|
|
|
3.1 as the real maximum size depends on many factors.*
|
2020-03-19 08:42:04 +00:00
|
|
|
|
* **mysql.W002**: MySQL/MariaDB Strict Mode is not set for database connection
|
2020-05-27 07:07:02 +00:00
|
|
|
|
``<alias>``. See also :ref:`mysql-sql-mode`.
|
2020-02-08 16:51:31 +00:00
|
|
|
|
* **mysql.W003**: MySQL/MariaDB may not allow unique ``CharField``\s to have a
|
|
|
|
|
``max_length`` > 255.
|
2017-01-05 00:53:23 +00:00
|
|
|
|
|
2021-01-20 16:12:24 +00:00
|
|
|
|
Managing files
|
|
|
|
|
--------------
|
|
|
|
|
|
|
|
|
|
The following checks verify your setup for :doc:`/topics/files`:
|
|
|
|
|
|
|
|
|
|
* **files.E001**: The :setting:`FILE_UPLOAD_TEMP_DIR` setting refers to the
|
|
|
|
|
nonexistent directory ``<path>``.
|
|
|
|
|
|
2017-01-05 00:53:23 +00:00
|
|
|
|
Model fields
|
|
|
|
|
------------
|
2014-03-03 10:56:11 +00:00
|
|
|
|
|
|
|
|
|
* **fields.E001**: Field names must not end with an underscore.
|
2014-06-06 19:19:20 +00:00
|
|
|
|
* **fields.E002**: Field names must not contain ``"__"``.
|
|
|
|
|
* **fields.E003**: ``pk`` is a reserved word that cannot be used as a field
|
|
|
|
|
name.
|
2023-08-31 01:57:40 +00:00
|
|
|
|
* **fields.E004**: ``choices`` must be a mapping (e.g. a dictionary) or an
|
|
|
|
|
iterable (e.g. a list or tuple).
|
|
|
|
|
* **fields.E005**: ``choices`` must be a mapping of actual values to human
|
|
|
|
|
readable names or an iterable containing ``(actual value, human readable
|
|
|
|
|
name)`` tuples.
|
2014-06-06 19:19:20 +00:00
|
|
|
|
* **fields.E006**: ``db_index`` must be ``None``, ``True`` or ``False``.
|
|
|
|
|
* **fields.E007**: Primary keys must not have ``null=True``.
|
2017-03-05 16:50:33 +00:00
|
|
|
|
* **fields.E008**: All ``validators`` must be callable.
|
2019-09-04 08:21:08 +00:00
|
|
|
|
* **fields.E009**: ``max_length`` is too small to fit the longest value in
|
|
|
|
|
``choices`` (``<count>`` characters).
|
2019-10-17 09:36:39 +00:00
|
|
|
|
* **fields.E010**: ``<field>`` default should be a callable instead of an
|
|
|
|
|
instance so that it's not shared between all field instances.
|
2020-11-22 22:27:57 +00:00
|
|
|
|
* **fields.E011**: ``<database>`` does not support default database values with
|
|
|
|
|
expressions (``db_default``).
|
|
|
|
|
* **fields.E012**: ``<expression>`` cannot be used in ``db_default``.
|
2014-06-06 19:19:20 +00:00
|
|
|
|
* **fields.E100**: ``AutoField``\s must set primary_key=True.
|
2017-05-06 14:56:28 +00:00
|
|
|
|
* **fields.E110**: ``BooleanField``\s do not accept null values. *This check
|
|
|
|
|
appeared before support for null values was added in Django 2.1.*
|
2014-06-06 19:19:20 +00:00
|
|
|
|
* **fields.E120**: ``CharField``\s must define a ``max_length`` attribute.
|
2014-03-03 10:56:11 +00:00
|
|
|
|
* **fields.E121**: ``max_length`` must be a positive integer.
|
2017-12-11 15:35:19 +00:00
|
|
|
|
* **fields.W122**: ``max_length`` is ignored when used with
|
|
|
|
|
``<integer field type>``.
|
2014-06-06 19:19:20 +00:00
|
|
|
|
* **fields.E130**: ``DecimalField``\s must define a ``decimal_places`` attribute.
|
2014-03-03 10:56:11 +00:00
|
|
|
|
* **fields.E131**: ``decimal_places`` must be a non-negative integer.
|
2014-06-06 19:19:20 +00:00
|
|
|
|
* **fields.E132**: ``DecimalField``\s must define a ``max_digits`` attribute.
|
2021-09-28 08:57:16 +00:00
|
|
|
|
* **fields.E133**: ``max_digits`` must be a positive integer.
|
2014-03-03 10:56:11 +00:00
|
|
|
|
* **fields.E134**: ``max_digits`` must be greater or equal to ``decimal_places``.
|
2014-06-06 19:19:20 +00:00
|
|
|
|
* **fields.E140**: ``FilePathField``\s must have either ``allow_files`` or
|
|
|
|
|
``allow_folders`` set to True.
|
2021-09-28 08:57:16 +00:00
|
|
|
|
* **fields.E150**: ``GenericIPAddressField``\s cannot have ``blank=True`` if
|
|
|
|
|
``null=False``, as blank values are stored as nulls.
|
2014-06-06 19:19:20 +00:00
|
|
|
|
* **fields.E160**: The options ``auto_now``, ``auto_now_add``, and ``default``
|
|
|
|
|
are mutually exclusive. Only one of these options may be present.
|
2014-02-22 13:29:43 +00:00
|
|
|
|
* **fields.W161**: Fixed default value provided.
|
2017-05-23 15:02:40 +00:00
|
|
|
|
* **fields.W162**: ``<database>`` does not support a database index on
|
|
|
|
|
``<field data type>`` columns.
|
2022-10-16 05:59:39 +00:00
|
|
|
|
* **fields.W163**: ``<database>`` does not support comments on columns
|
|
|
|
|
(``db_comment``).
|
2019-03-17 20:47:21 +00:00
|
|
|
|
* **fields.E170**: ``BinaryField``’s ``default`` cannot be a string. Use bytes
|
|
|
|
|
content instead.
|
2019-06-09 00:56:37 +00:00
|
|
|
|
* **fields.E180**: ``<database>`` does not support ``JSONField``\s.
|
2020-07-18 11:17:39 +00:00
|
|
|
|
* **fields.E190**: ``<database>`` does not support a database collation on
|
|
|
|
|
``<field_type>``\s.
|
2023-07-07 02:36:48 +00:00
|
|
|
|
* **fields.E220**: ``<database>`` does not support ``GeneratedField``\s.
|
|
|
|
|
* **fields.E221**: ``<database>`` does not support non-persisted
|
|
|
|
|
``GeneratedField``\s.
|
|
|
|
|
* **fields.E222**: ``<database>`` does not support persisted
|
|
|
|
|
``GeneratedField``\s.
|
2023-11-12 19:33:06 +00:00
|
|
|
|
* **fields.E223**: ``GeneratedField.output_field`` has errors: ...
|
|
|
|
|
* **fields.W224**: ``GeneratedField.output_field`` has warnings: ...
|
2015-01-18 01:42:41 +00:00
|
|
|
|
* **fields.E900**: ``IPAddressField`` has been removed except for support in
|
|
|
|
|
historical migrations.
|
2014-12-30 20:45:03 +00:00
|
|
|
|
* **fields.W900**: ``IPAddressField`` has been deprecated. Support for it
|
2015-01-18 01:42:41 +00:00
|
|
|
|
(except in historical migrations) will be removed in Django 1.9. *This check
|
|
|
|
|
appeared in Django 1.7 and 1.8*.
|
2016-02-07 23:22:48 +00:00
|
|
|
|
* **fields.W901**: ``CommaSeparatedIntegerField`` has been deprecated. Support
|
2016-12-31 15:30:41 +00:00
|
|
|
|
for it (except in historical migrations) will be removed in Django 2.0. *This
|
|
|
|
|
check appeared in Django 1.10 and 1.11*.
|
|
|
|
|
* **fields.E901**: ``CommaSeparatedIntegerField`` is removed except for support
|
|
|
|
|
in historical migrations.
|
2018-10-02 23:17:23 +00:00
|
|
|
|
* **fields.W902**: ``FloatRangeField`` is deprecated and will be removed in
|
2019-09-05 14:10:21 +00:00
|
|
|
|
Django 3.1. *This check appeared in Django 2.2 and 3.0*.
|
2020-03-31 02:16:33 +00:00
|
|
|
|
* **fields.W903**: ``NullBooleanField`` is deprecated. Support for it (except
|
2021-01-13 20:28:09 +00:00
|
|
|
|
in historical migrations) will be removed in Django 4.0. *This check appeared
|
|
|
|
|
in Django 3.1 and 3.2*.
|
|
|
|
|
* **fields.E903**: ``NullBooleanField`` is removed except for support in
|
|
|
|
|
historical migrations.
|
2019-06-09 00:56:37 +00:00
|
|
|
|
* **fields.W904**: ``django.contrib.postgres.fields.JSONField`` is deprecated.
|
|
|
|
|
Support for it (except in historical migrations) will be removed in Django
|
2021-01-14 08:33:12 +00:00
|
|
|
|
4.0. *This check appeared in Django 3.1 and 3.2*.
|
|
|
|
|
* **fields.E904**: ``django.contrib.postgres.fields.JSONField`` is removed
|
|
|
|
|
except for support in historical migrations.
|
2022-08-03 09:42:51 +00:00
|
|
|
|
* **fields.W905**: ``django.contrib.postgres.fields.CICharField`` is
|
|
|
|
|
deprecated. Support for it (except in historical migrations) will be removed
|
2023-09-13 12:03:45 +00:00
|
|
|
|
in Django 5.1. *This check appeared in Django 4.2 and 5.0*.
|
|
|
|
|
* **fields.E905**: ``django.contrib.postgres.fields.CICharField`` is removed
|
|
|
|
|
except for support in historical migrations.
|
2022-08-03 09:42:51 +00:00
|
|
|
|
* **fields.W906**: ``django.contrib.postgres.fields.CIEmailField`` is
|
|
|
|
|
deprecated. Support for it (except in historical migrations) will be removed
|
2023-09-13 12:03:45 +00:00
|
|
|
|
in Django 5.1. *This check appeared in Django 4.2 and 5.0*.
|
|
|
|
|
* **fields.E906**: ``django.contrib.postgres.fields.CIEmailField`` is removed
|
|
|
|
|
except for support in historical migrations.
|
2022-08-03 09:42:51 +00:00
|
|
|
|
* **fields.W907**: ``django.contrib.postgres.fields.CITextField`` is
|
|
|
|
|
deprecated. Support for it (except in historical migrations) will be removed
|
2023-09-13 12:03:45 +00:00
|
|
|
|
in Django 5.1. *This check appeared in Django 4.2 and 5.0*.
|
|
|
|
|
* **fields.E907**: ``django.contrib.postgres.fields.CITextField`` is removed
|
|
|
|
|
except for support for historical migrations.
|
2014-02-22 13:29:43 +00:00
|
|
|
|
|
2017-01-05 00:53:23 +00:00
|
|
|
|
File fields
|
2014-03-03 10:56:11 +00:00
|
|
|
|
~~~~~~~~~~~
|
|
|
|
|
|
2014-06-06 19:19:20 +00:00
|
|
|
|
* **fields.E200**: ``unique`` is not a valid argument for a ``FileField``.
|
2016-09-20 21:31:23 +00:00
|
|
|
|
*This check is removed in Django 1.11*.
|
2014-06-06 19:19:20 +00:00
|
|
|
|
* **fields.E201**: ``primary_key`` is not a valid argument for a ``FileField``.
|
2016-11-26 18:23:03 +00:00
|
|
|
|
* **fields.E202**: ``FileField``’s ``upload_to`` argument must be a relative
|
|
|
|
|
path, not an absolute path.
|
2014-06-06 19:19:20 +00:00
|
|
|
|
* **fields.E210**: Cannot use ``ImageField`` because Pillow is not installed.
|
2014-03-03 10:56:11 +00:00
|
|
|
|
|
2017-01-05 00:53:23 +00:00
|
|
|
|
Related fields
|
2014-03-03 10:56:11 +00:00
|
|
|
|
~~~~~~~~~~~~~~
|
|
|
|
|
|
2014-06-06 19:19:20 +00:00
|
|
|
|
* **fields.E300**: Field defines a relation with model ``<model>``, which is
|
|
|
|
|
either not installed, or is abstract.
|
2020-12-28 11:17:58 +00:00
|
|
|
|
* **fields.E301**: Field defines a relation with the model
|
|
|
|
|
``<app_label>.<model>`` which has been swapped out.
|
2021-09-22 05:53:10 +00:00
|
|
|
|
* **fields.E302**: Reverse accessor ``<related model>.<accessor name>`` for
|
|
|
|
|
``<app_label>.<model>.<field name>`` clashes with field name
|
|
|
|
|
``<app_label>.<model>.<field name>``.
|
2021-09-28 08:57:16 +00:00
|
|
|
|
* **fields.E303**: Reverse query name for ``<app_label>.<model>.<field name>``
|
|
|
|
|
clashes with field name ``<app_label>.<model>.<field name>``.
|
2021-09-22 05:53:10 +00:00
|
|
|
|
* **fields.E304**: Reverse accessor ``<related model>.<accessor name>`` for
|
|
|
|
|
``<app_label>.<model>.<field name>`` clashes with reverse accessor for
|
|
|
|
|
``<app_label>.<model>.<field name>``.
|
2021-09-28 08:57:16 +00:00
|
|
|
|
* **fields.E305**: Reverse query name for ``<app_label>.<model>.<field name>``
|
|
|
|
|
clashes with reverse query name for ``<app_label>.<model>.<field name>``.
|
|
|
|
|
* **fields.E306**: The name ``<name>`` is invalid ``related_name`` for field
|
|
|
|
|
``<model>.<field name>``.
|
2016-05-18 15:18:40 +00:00
|
|
|
|
* **fields.E307**: The field ``<app label>.<model>.<field name>`` was declared
|
|
|
|
|
with a lazy reference to ``<app label>.<model>``, but app ``<app label>``
|
|
|
|
|
isn't installed or doesn't provide model ``<model>``.
|
2016-05-22 19:10:24 +00:00
|
|
|
|
* **fields.E308**: Reverse query name ``<related query name>`` must not end
|
|
|
|
|
with an underscore.
|
|
|
|
|
* **fields.E309**: Reverse query name ``<related query name>`` must not contain
|
|
|
|
|
``'__'``.
|
2015-10-13 13:08:27 +00:00
|
|
|
|
* **fields.E310**: No subset of the fields ``<field1>``, ``<field2>``, ... on
|
2020-02-26 11:00:52 +00:00
|
|
|
|
model ``<model>`` is unique.
|
2020-02-19 21:57:16 +00:00
|
|
|
|
* **fields.E311**: ``<model>.<field name>`` must be unique because it is
|
2014-06-06 19:19:20 +00:00
|
|
|
|
referenced by a ``ForeignKey``.
|
2016-06-07 08:55:27 +00:00
|
|
|
|
* **fields.E312**: The ``to_field`` ``<field name>`` doesn't exist on the
|
|
|
|
|
related model ``<app label>.<model>``.
|
2014-06-06 19:19:20 +00:00
|
|
|
|
* **fields.E320**: Field specifies ``on_delete=SET_NULL``, but cannot be null.
|
|
|
|
|
* **fields.E321**: The field specifies ``on_delete=SET_DEFAULT``, but has no
|
|
|
|
|
default value.
|
|
|
|
|
* **fields.E330**: ``ManyToManyField``\s cannot be unique.
|
|
|
|
|
* **fields.E331**: Field specifies a many-to-many relation through model
|
|
|
|
|
``<model>``, which has not been installed.
|
|
|
|
|
* **fields.E332**: Many-to-many fields with intermediate tables must not be
|
2019-04-19 16:12:04 +00:00
|
|
|
|
symmetrical. *This check appeared before Django 3.0.*
|
2014-06-06 19:19:20 +00:00
|
|
|
|
* **fields.E333**: The model is used as an intermediate model by ``<model>``,
|
|
|
|
|
but it has more than two foreign keys to ``<model>``, which is ambiguous.
|
|
|
|
|
You must specify which two foreign keys Django should use via the
|
|
|
|
|
``through_fields`` keyword argument.
|
|
|
|
|
* **fields.E334**: The model is used as an intermediate model by ``<model>``,
|
|
|
|
|
but it has more than one foreign key from ``<model>``, which is ambiguous.
|
|
|
|
|
You must specify which foreign key Django should use via the
|
|
|
|
|
``through_fields`` keyword argument.
|
|
|
|
|
* **fields.E335**: The model is used as an intermediate model by ``<model>``,
|
|
|
|
|
but it has more than one foreign key to ``<model>``, which is ambiguous.
|
|
|
|
|
You must specify which foreign key Django should use via the
|
|
|
|
|
``through_fields`` keyword argument.
|
|
|
|
|
* **fields.E336**: The model is used as an intermediary model by ``<model>``,
|
|
|
|
|
but it does not have foreign key to ``<model>`` or ``<model>``.
|
|
|
|
|
* **fields.E337**: Field specifies ``through_fields`` but does not provide the
|
|
|
|
|
names of the two link fields that should be used for the relation through
|
|
|
|
|
``<model>``.
|
|
|
|
|
* **fields.E338**: The intermediary model ``<through model>`` has no field
|
|
|
|
|
``<field name>``.
|
2014-03-07 11:56:28 +00:00
|
|
|
|
* **fields.E339**: ``<model>.<field name>`` is not a foreign key to ``<model>``.
|
2016-06-03 19:55:30 +00:00
|
|
|
|
* **fields.E340**: The field's intermediary table ``<table name>`` clashes with
|
|
|
|
|
the table name of ``<model>``/``<model>.<field name>``.
|
2014-07-08 20:42:40 +00:00
|
|
|
|
* **fields.W340**: ``null`` has no effect on ``ManyToManyField``.
|
|
|
|
|
* **fields.W341**: ``ManyToManyField`` does not support ``validators``.
|
2014-09-08 17:38:07 +00:00
|
|
|
|
* **fields.W342**: Setting ``unique=True`` on a ``ForeignKey`` has the same
|
|
|
|
|
effect as using a ``OneToOneField``.
|
2016-07-08 23:37:40 +00:00
|
|
|
|
* **fields.W343**: ``limit_choices_to`` has no effect on ``ManyToManyField``
|
2021-09-08 11:57:49 +00:00
|
|
|
|
with a ``through`` model. *This check appeared before Django 4.0.*
|
2020-02-13 11:46:15 +00:00
|
|
|
|
* **fields.W344**: The field's intermediary table ``<table name>`` clashes with
|
|
|
|
|
the table name of ``<model>``/``<model>.<field name>``.
|
2021-08-04 20:19:29 +00:00
|
|
|
|
* **fields.W345**: ``related_name`` has no effect on ``ManyToManyField`` with a
|
|
|
|
|
symmetrical relationship, e.g. to "self".
|
2022-10-16 05:59:39 +00:00
|
|
|
|
* **fields.W346**: ``db_comment`` has no effect on ``ManyToManyField``.
|
2014-03-03 10:56:11 +00:00
|
|
|
|
|
2017-01-05 00:53:23 +00:00
|
|
|
|
Models
|
|
|
|
|
------
|
|
|
|
|
|
|
|
|
|
* **models.E001**: ``<swappable>`` is not of the form ``app_label.app_name``.
|
|
|
|
|
* **models.E002**: ``<SETTING>`` references ``<model>``, which has not been
|
|
|
|
|
installed, or is abstract.
|
2018-07-18 22:21:40 +00:00
|
|
|
|
* **models.E003**: The model has two identical many-to-many relations through
|
|
|
|
|
the intermediate model ``<app_label>.<model>``.
|
2017-01-05 00:53:23 +00:00
|
|
|
|
* **models.E004**: ``id`` can only be used as a field name if the field also
|
|
|
|
|
sets ``primary_key=True``.
|
|
|
|
|
* **models.E005**: The field ``<field name>`` from parent model ``<model>``
|
|
|
|
|
clashes with the field ``<field name>`` from parent model ``<model>``.
|
2021-09-28 08:57:16 +00:00
|
|
|
|
* **models.E006**: The field ``<field name>`` clashes with the field
|
|
|
|
|
``<field name>`` from model ``<model>``.
|
2017-01-05 00:53:23 +00:00
|
|
|
|
* **models.E007**: Field ``<field name>`` has column name ``<column name>``
|
|
|
|
|
that is used by another field.
|
2023-09-12 03:56:16 +00:00
|
|
|
|
* **models.E008**: ``index_together`` must be a list or tuple. *This check
|
|
|
|
|
appeared before Django 5.1.*
|
2017-01-05 00:53:23 +00:00
|
|
|
|
* **models.E009**: All ``index_together`` elements must be lists or tuples.
|
2023-09-12 03:56:16 +00:00
|
|
|
|
*This check appeared before Django 5.1.*
|
2017-01-05 00:53:23 +00:00
|
|
|
|
* **models.E010**: ``unique_together`` must be a list or tuple.
|
|
|
|
|
* **models.E011**: All ``unique_together`` elements must be lists or tuples.
|
2023-09-12 03:56:16 +00:00
|
|
|
|
* **models.E012**: ``constraints/indexes/unique_together`` refers to the
|
|
|
|
|
nonexistent field ``<field name>``.
|
|
|
|
|
* **models.E013**: ``constraints/indexes/unique_together`` refers to a
|
|
|
|
|
``ManyToManyField`` ``<field name>``, but ``ManyToManyField``\s are not
|
|
|
|
|
supported for that option.
|
2017-01-05 00:53:23 +00:00
|
|
|
|
* **models.E014**: ``ordering`` must be a tuple or list (even if you want to
|
|
|
|
|
order by only one field).
|
2019-03-01 18:38:21 +00:00
|
|
|
|
* **models.E015**: ``ordering`` refers to the nonexistent field, related field,
|
2019-03-01 16:09:33 +00:00
|
|
|
|
or lookup ``<field name>``.
|
2023-09-12 03:56:16 +00:00
|
|
|
|
* **models.E016**: ``constraints/indexes/unique_together`` refers to field
|
|
|
|
|
``<field_name>`` which is not local to model ``<model>``.
|
2017-01-05 00:53:23 +00:00
|
|
|
|
* **models.E017**: Proxy model ``<model>`` contains model fields.
|
|
|
|
|
* **models.E018**: Autogenerated column name too long for field ``<field>``.
|
|
|
|
|
Maximum length is ``<maximum length>`` for database ``<alias>``.
|
|
|
|
|
* **models.E019**: Autogenerated column name too long for M2M field
|
|
|
|
|
``<M2M field>``. Maximum length is ``<maximum length>`` for database
|
|
|
|
|
``<alias>``.
|
|
|
|
|
* **models.E020**: The ``<model>.check()`` class method is currently overridden.
|
|
|
|
|
* **models.E021**: ``ordering`` and ``order_with_respect_to`` cannot be used
|
|
|
|
|
together.
|
|
|
|
|
* **models.E022**: ``<function>`` contains a lazy reference to
|
|
|
|
|
``<app label>.<model>``, but app ``<app label>`` isn't installed or
|
|
|
|
|
doesn't provide model ``<model>``.
|
|
|
|
|
* **models.E023**: The model name ``<model>`` cannot start or end with an
|
|
|
|
|
underscore as it collides with the query lookup syntax.
|
|
|
|
|
* **models.E024**: The model name ``<model>`` cannot contain double underscores
|
|
|
|
|
as it collides with the query lookup syntax.
|
2017-12-29 01:22:20 +00:00
|
|
|
|
* **models.E025**: The property ``<property name>`` clashes with a related
|
|
|
|
|
field accessor.
|
2018-05-03 13:28:37 +00:00
|
|
|
|
* **models.E026**: The model cannot have more than one field with
|
|
|
|
|
``primary_key=True``.
|
2016-11-05 13:12:12 +00:00
|
|
|
|
* **models.W027**: ``<database>`` does not support check constraints.
|
2018-12-12 20:11:50 +00:00
|
|
|
|
* **models.E028**: ``db_table`` ``<db_table>`` is used by multiple models:
|
|
|
|
|
``<model list>``.
|
2019-05-01 13:39:02 +00:00
|
|
|
|
* **models.E029**: index name ``<index>`` is not unique for model ``<model>``.
|
2020-05-25 16:05:22 +00:00
|
|
|
|
* **models.E030**: index name ``<index>`` is not unique among models:
|
2019-05-01 13:39:02 +00:00
|
|
|
|
``<model list>``.
|
|
|
|
|
* **models.E031**: constraint name ``<constraint>`` is not unique for model
|
|
|
|
|
``<model>``.
|
2020-05-25 16:05:22 +00:00
|
|
|
|
* **models.E032**: constraint name ``<constraint>`` is not unique among
|
2019-05-01 13:39:02 +00:00
|
|
|
|
models: ``<model list>``.
|
2019-07-04 16:21:50 +00:00
|
|
|
|
* **models.E033**: The index name ``<index>`` cannot start with an underscore
|
|
|
|
|
or a number.
|
|
|
|
|
* **models.E034**: The index name ``<index>`` cannot be longer than
|
|
|
|
|
``<max_length>`` characters.
|
2019-08-03 11:22:27 +00:00
|
|
|
|
* **models.W035**: ``db_table`` ``<db_table>`` is used by multiple models:
|
|
|
|
|
``<model list>``.
|
2020-03-11 19:01:32 +00:00
|
|
|
|
* **models.W036**: ``<database>`` does not support unique constraints with
|
|
|
|
|
conditions.
|
|
|
|
|
* **models.W037**: ``<database>`` does not support indexes with conditions.
|
2018-08-27 02:25:06 +00:00
|
|
|
|
* **models.W038**: ``<database>`` does not support deferrable unique
|
|
|
|
|
constraints.
|
2020-06-03 04:44:05 +00:00
|
|
|
|
* **models.W039**: ``<database>`` does not support unique constraints with
|
|
|
|
|
non-key columns.
|
|
|
|
|
* **models.W040**: ``<database>`` does not support indexes with non-key
|
|
|
|
|
columns.
|
2020-05-22 13:27:43 +00:00
|
|
|
|
* **models.E041**: ``constraints`` refers to the joined field ``<field name>``.
|
2020-07-12 12:59:57 +00:00
|
|
|
|
* **models.W042**: Auto-created primary key used when not defining a primary
|
|
|
|
|
key type, by default ``django.db.models.AutoField``.
|
2019-10-10 18:04:17 +00:00
|
|
|
|
* **models.W043**: ``<database>`` does not support indexes on expressions.
|
2021-02-06 19:45:54 +00:00
|
|
|
|
* **models.W044**: ``<database>`` does not support unique constraints on
|
|
|
|
|
expressions.
|
2022-01-31 15:04:13 +00:00
|
|
|
|
* **models.W045**: Check constraint ``<constraint>`` contains ``RawSQL()``
|
|
|
|
|
expression and won't be validated during the model ``full_clean()``.
|
2022-10-16 05:59:39 +00:00
|
|
|
|
* **models.W046**: ``<database>`` does not support comments on tables
|
|
|
|
|
(``db_table_comment``).
|
2023-07-07 23:43:51 +00:00
|
|
|
|
* **models.W047**: ``<database>`` does not support unique constraints with
|
|
|
|
|
nulls distinct.
|
2017-01-05 00:53:23 +00:00
|
|
|
|
|
|
|
|
|
Security
|
|
|
|
|
--------
|
|
|
|
|
|
|
|
|
|
The security checks do not make your site secure. They do not audit code, do
|
|
|
|
|
intrusion detection, or do anything particularly complex. Rather, they help
|
2019-06-17 14:54:55 +00:00
|
|
|
|
perform an automated, low-hanging-fruit checklist, that can help you to improve
|
|
|
|
|
your site's security.
|
2017-01-05 00:53:23 +00:00
|
|
|
|
|
|
|
|
|
Some of these checks may not be appropriate for your particular deployment
|
|
|
|
|
configuration. For instance, if you do your HTTP to HTTPS redirection in a load
|
|
|
|
|
balancer, it'd be irritating to be constantly warned about not having enabled
|
|
|
|
|
:setting:`SECURE_SSL_REDIRECT`. Use :setting:`SILENCED_SYSTEM_CHECKS` to
|
|
|
|
|
silence unneeded checks.
|
|
|
|
|
|
|
|
|
|
The following checks are run if you use the :option:`check --deploy` option:
|
|
|
|
|
|
|
|
|
|
* **security.W001**: You do not have
|
|
|
|
|
:class:`django.middleware.security.SecurityMiddleware` in your
|
2016-12-31 18:24:00 +00:00
|
|
|
|
:setting:`MIDDLEWARE` so the :setting:`SECURE_HSTS_SECONDS`,
|
2021-04-23 12:59:35 +00:00
|
|
|
|
:setting:`SECURE_CONTENT_TYPE_NOSNIFF`, :setting:`SECURE_REFERRER_POLICY`,
|
2020-08-26 16:09:19 +00:00
|
|
|
|
:setting:`SECURE_CROSS_ORIGIN_OPENER_POLICY`, and
|
|
|
|
|
:setting:`SECURE_SSL_REDIRECT` settings will have no effect.
|
2017-01-05 00:53:23 +00:00
|
|
|
|
* **security.W002**: You do not have
|
|
|
|
|
:class:`django.middleware.clickjacking.XFrameOptionsMiddleware` in your
|
2016-12-31 18:24:00 +00:00
|
|
|
|
:setting:`MIDDLEWARE`, so your pages will not be served with an
|
2017-01-05 00:53:23 +00:00
|
|
|
|
``'x-frame-options'`` header. Unless there is a good reason for your
|
|
|
|
|
site to be served in a frame, you should consider enabling this
|
|
|
|
|
header to help prevent clickjacking attacks.
|
|
|
|
|
* **security.W003**: You don't appear to be using Django's built-in cross-site
|
|
|
|
|
request forgery protection via the middleware
|
|
|
|
|
(:class:`django.middleware.csrf.CsrfViewMiddleware` is not in your
|
2016-12-31 18:24:00 +00:00
|
|
|
|
:setting:`MIDDLEWARE`). Enabling the middleware is the safest
|
2017-01-05 00:53:23 +00:00
|
|
|
|
approach to ensure you don't leave any holes.
|
|
|
|
|
* **security.W004**: You have not set a value for the
|
|
|
|
|
:setting:`SECURE_HSTS_SECONDS` setting. If your entire site is served only
|
|
|
|
|
over SSL, you may want to consider setting a value and enabling :ref:`HTTP
|
|
|
|
|
Strict Transport Security <http-strict-transport-security>`. Be sure to read
|
|
|
|
|
the documentation first; enabling HSTS carelessly can cause serious,
|
|
|
|
|
irreversible problems.
|
|
|
|
|
* **security.W005**: You have not set the
|
|
|
|
|
:setting:`SECURE_HSTS_INCLUDE_SUBDOMAINS` setting to ``True``. Without this,
|
|
|
|
|
your site is potentially vulnerable to attack via an insecure connection to a
|
|
|
|
|
subdomain. Only set this to ``True`` if you are certain that all subdomains of
|
|
|
|
|
your domain should be served exclusively via SSL.
|
|
|
|
|
* **security.W006**: Your :setting:`SECURE_CONTENT_TYPE_NOSNIFF` setting is not
|
|
|
|
|
set to ``True``, so your pages will not be served with an
|
2018-10-29 22:19:04 +00:00
|
|
|
|
``'X-Content-Type-Options: nosniff'`` header. You should consider enabling
|
2017-01-05 00:53:23 +00:00
|
|
|
|
this header to prevent the browser from identifying content types incorrectly.
|
2021-04-23 12:59:35 +00:00
|
|
|
|
* **security.W007**: Your ``SECURE_BROWSER_XSS_FILTER`` setting is not
|
2017-01-05 00:53:23 +00:00
|
|
|
|
set to ``True``, so your pages will not be served with an
|
2018-10-29 22:19:04 +00:00
|
|
|
|
``'X-XSS-Protection: 1; mode=block'`` header. You should consider enabling
|
2017-01-05 00:53:23 +00:00
|
|
|
|
this header to activate the browser's XSS filtering and help prevent XSS
|
2020-05-27 07:07:02 +00:00
|
|
|
|
attacks. *This check is removed in Django 3.0 as the* ``X-XSS-Protection``
|
|
|
|
|
*header is no longer honored by modern browsers.*
|
2017-01-05 00:53:23 +00:00
|
|
|
|
* **security.W008**: Your :setting:`SECURE_SSL_REDIRECT` setting is not set to
|
|
|
|
|
``True``. Unless your site should be available over both SSL and non-SSL
|
|
|
|
|
connections, you may want to either set this setting to ``True`` or configure
|
|
|
|
|
a load balancer or reverse-proxy server to redirect all connections to HTTPS.
|
2020-07-13 17:40:38 +00:00
|
|
|
|
* **security.W009**: Your :setting:`SECRET_KEY` has less than 50 characters,
|
|
|
|
|
less than 5 unique characters, or it's prefixed with ``'django-insecure-'``
|
|
|
|
|
indicating that it was generated automatically by Django. Please generate a
|
2021-12-14 03:47:03 +00:00
|
|
|
|
long and random value, otherwise many of Django's security-critical features
|
|
|
|
|
will be vulnerable to attack.
|
2017-01-05 00:53:23 +00:00
|
|
|
|
* **security.W010**: You have :mod:`django.contrib.sessions` in your
|
|
|
|
|
:setting:`INSTALLED_APPS` but you have not set
|
|
|
|
|
:setting:`SESSION_COOKIE_SECURE` to ``True``. Using a secure-only session
|
|
|
|
|
cookie makes it more difficult for network traffic sniffers to hijack user
|
|
|
|
|
sessions.
|
|
|
|
|
* **security.W011**: You have
|
|
|
|
|
:class:`django.contrib.sessions.middleware.SessionMiddleware` in your
|
2016-12-31 18:24:00 +00:00
|
|
|
|
:setting:`MIDDLEWARE`, but you have not set :setting:`SESSION_COOKIE_SECURE`
|
|
|
|
|
to ``True``. Using a secure-only session cookie makes it more difficult for
|
|
|
|
|
network traffic sniffers to hijack user sessions.
|
2017-01-05 00:53:23 +00:00
|
|
|
|
* **security.W012**: :setting:`SESSION_COOKIE_SECURE` is not set to ``True``.
|
|
|
|
|
Using a secure-only session cookie makes it more difficult for network traffic
|
|
|
|
|
sniffers to hijack user sessions.
|
|
|
|
|
* **security.W013**: You have :mod:`django.contrib.sessions` in your
|
|
|
|
|
:setting:`INSTALLED_APPS`, but you have not set
|
|
|
|
|
:setting:`SESSION_COOKIE_HTTPONLY` to ``True``. Using an ``HttpOnly`` session
|
|
|
|
|
cookie makes it more difficult for cross-site scripting attacks to hijack user
|
|
|
|
|
sessions.
|
|
|
|
|
* **security.W014**: You have
|
|
|
|
|
:class:`django.contrib.sessions.middleware.SessionMiddleware` in your
|
2016-12-31 18:24:00 +00:00
|
|
|
|
:setting:`MIDDLEWARE`, but you have not set :setting:`SESSION_COOKIE_HTTPONLY`
|
|
|
|
|
to ``True``. Using an ``HttpOnly`` session cookie makes it more difficult for
|
|
|
|
|
cross-site scripting attacks to hijack user sessions.
|
2017-01-05 00:53:23 +00:00
|
|
|
|
* **security.W015**: :setting:`SESSION_COOKIE_HTTPONLY` is not set to ``True``.
|
|
|
|
|
Using an ``HttpOnly`` session cookie makes it more difficult for cross-site
|
|
|
|
|
scripting attacks to hijack user sessions.
|
|
|
|
|
* **security.W016**: :setting:`CSRF_COOKIE_SECURE` is not set to ``True``.
|
|
|
|
|
Using a secure-only CSRF cookie makes it more difficult for network traffic
|
|
|
|
|
sniffers to steal the CSRF token.
|
|
|
|
|
* **security.W017**: :setting:`CSRF_COOKIE_HTTPONLY` is not set to ``True``.
|
|
|
|
|
Using an ``HttpOnly`` CSRF cookie makes it more difficult for cross-site
|
|
|
|
|
scripting attacks to steal the CSRF token. *This check is removed in Django
|
2019-07-02 07:36:17 +00:00
|
|
|
|
1.11 as the* :setting:`CSRF_COOKIE_HTTPONLY` *setting offers no practical
|
2017-01-05 00:53:23 +00:00
|
|
|
|
benefit.*
|
|
|
|
|
* **security.W018**: You should not have :setting:`DEBUG` set to ``True`` in
|
|
|
|
|
deployment.
|
|
|
|
|
* **security.W019**: You have
|
|
|
|
|
:class:`django.middleware.clickjacking.XFrameOptionsMiddleware` in your
|
2016-12-31 18:24:00 +00:00
|
|
|
|
:setting:`MIDDLEWARE`, but :setting:`X_FRAME_OPTIONS` is not set to
|
2019-09-07 07:52:10 +00:00
|
|
|
|
``'DENY'``. Unless there is a good reason for your site to serve other parts
|
|
|
|
|
of itself in a frame, you should change it to ``'DENY'``.
|
2017-01-05 00:53:23 +00:00
|
|
|
|
* **security.W020**: :setting:`ALLOWED_HOSTS` must not be empty in deployment.
|
|
|
|
|
* **security.W021**: You have not set the
|
|
|
|
|
:setting:`SECURE_HSTS_PRELOAD` setting to ``True``. Without this, your site
|
|
|
|
|
cannot be submitted to the browser preload list.
|
2019-03-21 21:33:41 +00:00
|
|
|
|
* **security.W022**: You have not set the :setting:`SECURE_REFERRER_POLICY`
|
|
|
|
|
setting. Without this, your site will not send a Referrer-Policy header. You
|
|
|
|
|
should consider enabling this header to protect user privacy.
|
|
|
|
|
* **security.E023**: You have set the :setting:`SECURE_REFERRER_POLICY` setting
|
|
|
|
|
to an invalid value.
|
2020-08-26 16:09:19 +00:00
|
|
|
|
* **security.E024**: You have set the
|
|
|
|
|
:setting:`SECURE_CROSS_ORIGIN_OPENER_POLICY` setting to an invalid value.
|
2021-12-14 03:47:03 +00:00
|
|
|
|
* **security.W025**: Your
|
|
|
|
|
:setting:`SECRET_KEY_FALLBACKS[n] <SECRET_KEY_FALLBACKS>` has less than 50
|
|
|
|
|
characters, less than 5 unique characters, or it's prefixed with
|
|
|
|
|
``'django-insecure-'`` indicating that it was generated automatically by
|
|
|
|
|
Django. Please generate a long and random value, otherwise many of Django's
|
|
|
|
|
security-critical features will be vulnerable to attack.
|
2017-01-05 00:53:23 +00:00
|
|
|
|
|
2020-07-31 18:56:33 +00:00
|
|
|
|
The following checks verify that your security-related settings are correctly
|
|
|
|
|
configured:
|
|
|
|
|
|
2021-01-14 09:27:04 +00:00
|
|
|
|
* **security.E100**: ``DEFAULT_HASHING_ALGORITHM`` must be ``'sha1'`` or
|
|
|
|
|
``'sha256'``. *This check appeared in Django 3.1 and 3.2*.
|
2021-01-12 10:22:13 +00:00
|
|
|
|
* **security.E101**: The CSRF failure view ``'path.to.view'`` does not take the
|
|
|
|
|
correct number of arguments.
|
|
|
|
|
* **security.E102**: The CSRF failure view ``'path.to.view'`` could not be
|
|
|
|
|
imported.
|
2020-07-31 18:56:33 +00:00
|
|
|
|
|
2014-03-03 10:56:11 +00:00
|
|
|
|
Signals
|
2017-01-05 00:53:23 +00:00
|
|
|
|
-------
|
2014-03-03 10:56:11 +00:00
|
|
|
|
|
2014-06-06 19:19:20 +00:00
|
|
|
|
* **signals.E001**: ``<handler>`` was connected to the ``<signal>`` signal with
|
2016-03-30 08:34:44 +00:00
|
|
|
|
a lazy reference to the sender ``<app label>.<model>``, but app ``<app label>``
|
|
|
|
|
isn't installed or doesn't provide model ``<model>``.
|
2014-03-03 10:56:11 +00:00
|
|
|
|
|
2017-01-05 00:53:23 +00:00
|
|
|
|
Templates
|
|
|
|
|
---------
|
2014-03-03 11:20:48 +00:00
|
|
|
|
|
2017-01-05 00:53:23 +00:00
|
|
|
|
The following checks verify that your :setting:`TEMPLATES` setting is correctly
|
|
|
|
|
configured:
|
2014-03-03 11:20:48 +00:00
|
|
|
|
|
2017-01-05 00:53:23 +00:00
|
|
|
|
* **templates.E001**: You have ``'APP_DIRS': True`` in your
|
|
|
|
|
:setting:`TEMPLATES` but also specify ``'loaders'`` in ``OPTIONS``. Either
|
2024-03-18 13:50:32 +00:00
|
|
|
|
remove ``APP_DIRS`` or remove the ``'loaders'`` option. *This check is
|
|
|
|
|
removed in Django 5.1 as system checks may now raise*
|
|
|
|
|
``ImproperlyConfigured`` *instead.*
|
2017-01-05 00:53:23 +00:00
|
|
|
|
* **templates.E002**: ``string_if_invalid`` in :setting:`TEMPLATES`
|
|
|
|
|
:setting:`OPTIONS <TEMPLATES-OPTIONS>` must be a string but got: ``{value}``
|
|
|
|
|
(``{type}``).
|
2021-08-03 14:20:49 +00:00
|
|
|
|
* **templates.E003**:``<name>`` is used for multiple template tag modules:
|
2022-10-03 08:52:21 +00:00
|
|
|
|
``<module list>``. *This check was changed to* ``templates.W003`` *in Django
|
|
|
|
|
4.1.2*.
|
|
|
|
|
* **templates.W003**:``<name>`` is used for multiple template tag modules:
|
2021-08-03 14:20:49 +00:00
|
|
|
|
``<module list>``.
|
2017-01-05 00:53:23 +00:00
|
|
|
|
|
2018-09-06 11:49:25 +00:00
|
|
|
|
Translation
|
|
|
|
|
-----------
|
|
|
|
|
|
|
|
|
|
The following checks are performed on your translation configuration:
|
|
|
|
|
|
|
|
|
|
* **translation.E001**: You have provided an invalid value for the
|
2019-03-07 22:40:58 +00:00
|
|
|
|
:setting:`LANGUAGE_CODE` setting: ``<value>``.
|
2018-11-26 12:19:13 +00:00
|
|
|
|
* **translation.E002**: You have provided an invalid language code in the
|
|
|
|
|
:setting:`LANGUAGES` setting: ``<value>``.
|
|
|
|
|
* **translation.E003**: You have provided an invalid language code in the
|
|
|
|
|
:setting:`LANGUAGES_BIDI` setting: ``<value>``.
|
|
|
|
|
* **translation.E004**: You have provided a value for the
|
|
|
|
|
:setting:`LANGUAGE_CODE` setting that is not in the :setting:`LANGUAGES`
|
|
|
|
|
setting.
|
2018-09-06 11:49:25 +00:00
|
|
|
|
|
2017-01-05 00:53:23 +00:00
|
|
|
|
URLs
|
|
|
|
|
----
|
|
|
|
|
|
|
|
|
|
The following checks are performed on your URL configuration:
|
|
|
|
|
|
|
|
|
|
* **urls.W001**: Your URL pattern ``<pattern>`` uses
|
2016-10-20 17:29:04 +00:00
|
|
|
|
:func:`~django.urls.include` with a ``route`` ending with a ``$``. Remove the
|
|
|
|
|
dollar from the ``route`` to avoid problems including URLs.
|
|
|
|
|
* **urls.W002**: Your URL pattern ``<pattern>`` has a ``route`` beginning with
|
|
|
|
|
a ``/``. Remove this slash as it is unnecessary. If this pattern is targeted
|
|
|
|
|
in an :func:`~django.urls.include`, ensure the :func:`~django.urls.include`
|
|
|
|
|
pattern has a trailing ``/``.
|
2017-01-05 00:53:23 +00:00
|
|
|
|
* **urls.W003**: Your URL pattern ``<pattern>`` has a ``name``
|
|
|
|
|
including a ``:``. Remove the colon, to avoid ambiguous namespace
|
|
|
|
|
references.
|
|
|
|
|
* **urls.E004**: Your URL pattern ``<pattern>`` is invalid. Ensure that
|
2016-10-20 17:29:04 +00:00
|
|
|
|
``urlpatterns`` is a list of :func:`~django.urls.path` and/or
|
|
|
|
|
:func:`~django.urls.re_path` instances.
|
2017-01-05 00:53:23 +00:00
|
|
|
|
* **urls.W005**: URL namespace ``<namespace>`` isn't unique. You may not be
|
|
|
|
|
able to reverse all URLs in this namespace.
|
|
|
|
|
* **urls.E006**: The :setting:`MEDIA_URL`/ :setting:`STATIC_URL` setting must
|
|
|
|
|
end with a slash.
|
2018-09-07 07:33:19 +00:00
|
|
|
|
* **urls.E007**: The custom ``handlerXXX`` view ``'path.to.view'`` does not
|
|
|
|
|
take the correct number of arguments (…).
|
2019-04-03 23:17:25 +00:00
|
|
|
|
* **urls.E008**: The custom ``handlerXXX`` view ``'path.to.view'`` could not be
|
|
|
|
|
imported.
|
2020-11-14 17:25:57 +00:00
|
|
|
|
* **urls.E009**: Your URL pattern ``<pattern>`` has an invalid view, pass
|
|
|
|
|
``<view>.as_view()`` instead of ``<view>``.
|
2023-07-12 08:39:24 +00:00
|
|
|
|
* **urls.W010**: Your URL pattern ``<pattern>`` has an unmatched
|
2023-07-04 13:39:09 +00:00
|
|
|
|
``<angle bracket>``.
|
2014-03-03 11:20:48 +00:00
|
|
|
|
|
2017-01-05 00:53:23 +00:00
|
|
|
|
``contrib`` app checks
|
|
|
|
|
======================
|
|
|
|
|
|
|
|
|
|
``admin``
|
|
|
|
|
---------
|
2014-03-03 10:56:11 +00:00
|
|
|
|
|
|
|
|
|
Admin checks are all performed as part of the ``admin`` tag.
|
|
|
|
|
|
2014-03-07 14:18:06 +00:00
|
|
|
|
The following checks are performed on any
|
2014-03-03 10:56:11 +00:00
|
|
|
|
:class:`~django.contrib.admin.ModelAdmin` (or subclass) that is registered
|
|
|
|
|
with the admin site:
|
|
|
|
|
|
|
|
|
|
* **admin.E001**: The value of ``raw_id_fields`` must be a list or tuple.
|
2014-06-06 19:19:20 +00:00
|
|
|
|
* **admin.E002**: The value of ``raw_id_fields[n]`` refers to ``<field name>``,
|
2021-03-03 13:59:45 +00:00
|
|
|
|
which is not a field of ``<model>``.
|
2016-03-10 17:21:25 +00:00
|
|
|
|
* **admin.E003**: The value of ``raw_id_fields[n]`` must be a foreign key or
|
|
|
|
|
a many-to-many field.
|
2014-03-03 10:56:11 +00:00
|
|
|
|
* **admin.E004**: The value of ``fields`` must be a list or tuple.
|
|
|
|
|
* **admin.E005**: Both ``fieldsets`` and ``fields`` are specified.
|
|
|
|
|
* **admin.E006**: The value of ``fields`` contains duplicate field(s).
|
|
|
|
|
* **admin.E007**: The value of ``fieldsets`` must be a list or tuple.
|
|
|
|
|
* **admin.E008**: The value of ``fieldsets[n]`` must be a list or tuple.
|
|
|
|
|
* **admin.E009**: The value of ``fieldsets[n]`` must be of length 2.
|
|
|
|
|
* **admin.E010**: The value of ``fieldsets[n][1]`` must be a dictionary.
|
2014-06-06 19:19:20 +00:00
|
|
|
|
* **admin.E011**: The value of ``fieldsets[n][1]`` must contain the key
|
|
|
|
|
``fields``.
|
|
|
|
|
* **admin.E012**: There are duplicate field(s) in ``fieldsets[n][1]``.
|
2023-06-16 13:36:24 +00:00
|
|
|
|
* **admin.E013**: The value of
|
|
|
|
|
``fields[n]/filter_horizontal[n]/filter_vertical[n]/fieldsets[n][m]`` cannot
|
|
|
|
|
include the ``ManyToManyField`` ``<field name>``, because that field manually
|
|
|
|
|
specifies a relationship model.
|
2014-03-03 10:56:11 +00:00
|
|
|
|
* **admin.E014**: The value of ``exclude`` must be a list or tuple.
|
|
|
|
|
* **admin.E015**: The value of ``exclude`` contains duplicate field(s).
|
|
|
|
|
* **admin.E016**: The value of ``form`` must inherit from ``BaseModelForm``.
|
|
|
|
|
* **admin.E017**: The value of ``filter_vertical`` must be a list or tuple.
|
|
|
|
|
* **admin.E018**: The value of ``filter_horizontal`` must be a list or tuple.
|
2020-10-19 17:22:37 +00:00
|
|
|
|
* **admin.E019**: The value of ``filter_vertical[n]/filter_horizontal[n]``
|
2021-03-03 13:59:45 +00:00
|
|
|
|
refers to ``<field name>``, which is not a field of ``<model>``.
|
2020-10-19 17:22:37 +00:00
|
|
|
|
* **admin.E020**: The value of ``filter_vertical[n]/filter_horizontal[n]``
|
|
|
|
|
must be a many-to-many field.
|
2014-03-03 10:56:11 +00:00
|
|
|
|
* **admin.E021**: The value of ``radio_fields`` must be a dictionary.
|
2014-06-06 19:19:20 +00:00
|
|
|
|
* **admin.E022**: The value of ``radio_fields`` refers to ``<field name>``,
|
2021-03-03 13:59:45 +00:00
|
|
|
|
which is not a field of ``<model>``.
|
2014-06-06 19:19:20 +00:00
|
|
|
|
* **admin.E023**: The value of ``radio_fields`` refers to ``<field name>``,
|
2021-03-15 08:42:00 +00:00
|
|
|
|
which is not an instance of ``ForeignKey``, and does not have a ``choices``
|
2021-03-03 14:04:47 +00:00
|
|
|
|
definition.
|
2014-06-06 19:19:20 +00:00
|
|
|
|
* **admin.E024**: The value of ``radio_fields[<field name>]`` must be either
|
2014-09-04 16:31:33 +00:00
|
|
|
|
``admin.HORIZONTAL`` or ``admin.VERTICAL``.
|
2014-06-06 19:19:20 +00:00
|
|
|
|
* **admin.E025**: The value of ``view_on_site`` must be either a callable or a
|
|
|
|
|
boolean value.
|
2014-03-03 10:56:11 +00:00
|
|
|
|
* **admin.E026**: The value of ``prepopulated_fields`` must be a dictionary.
|
2014-06-06 19:19:20 +00:00
|
|
|
|
* **admin.E027**: The value of ``prepopulated_fields`` refers to
|
2021-03-03 13:59:45 +00:00
|
|
|
|
``<field name>``, which is not a field of ``<model>``.
|
2014-06-06 19:19:20 +00:00
|
|
|
|
* **admin.E028**: The value of ``prepopulated_fields`` refers to
|
2016-12-19 13:33:46 +00:00
|
|
|
|
``<field name>``, which must not be a ``DateTimeField``, a ``ForeignKey``,
|
|
|
|
|
a ``OneToOneField``, or a ``ManyToManyField`` field.
|
2014-06-06 19:19:20 +00:00
|
|
|
|
* **admin.E029**: The value of ``prepopulated_fields[<field name>]`` must be a
|
|
|
|
|
list or tuple.
|
|
|
|
|
* **admin.E030**: The value of ``prepopulated_fields`` refers to
|
2021-03-03 13:59:45 +00:00
|
|
|
|
``<field name>``, which is not a field of ``<model>``.
|
2014-03-03 10:56:11 +00:00
|
|
|
|
* **admin.E031**: The value of ``ordering`` must be a list or tuple.
|
2014-06-06 19:19:20 +00:00
|
|
|
|
* **admin.E032**: The value of ``ordering`` has the random ordering marker
|
|
|
|
|
``?``, but contains other fields as well.
|
|
|
|
|
* **admin.E033**: The value of ``ordering`` refers to ``<field name>``, which
|
2021-03-03 13:59:45 +00:00
|
|
|
|
is not a field of ``<model>``.
|
2014-03-03 10:56:11 +00:00
|
|
|
|
* **admin.E034**: The value of ``readonly_fields`` must be a list or tuple.
|
2023-06-05 03:56:53 +00:00
|
|
|
|
* **admin.E035**: The value of ``readonly_fields[n]`` refers to
|
|
|
|
|
``<field_name>``, which is not a callable, an attribute of
|
|
|
|
|
``<ModelAdmin class>``, or an attribute of ``<model>``.
|
2017-05-10 12:48:57 +00:00
|
|
|
|
* **admin.E036**: The value of ``autocomplete_fields`` must be a list or tuple.
|
|
|
|
|
* **admin.E037**: The value of ``autocomplete_fields[n]`` refers to
|
2021-03-03 13:59:45 +00:00
|
|
|
|
``<field name>``, which is not a field of ``<model>``.
|
2017-05-10 12:48:57 +00:00
|
|
|
|
* **admin.E038**: The value of ``autocomplete_fields[n]`` must be a foreign
|
|
|
|
|
key or a many-to-many field.
|
|
|
|
|
* **admin.E039**: An admin for model ``<model>`` has to be registered to be
|
|
|
|
|
referenced by ``<modeladmin>.autocomplete_fields``.
|
|
|
|
|
* **admin.E040**: ``<modeladmin>`` must define ``search_fields``, because
|
|
|
|
|
it's referenced by ``<other_modeladmin>.autocomplete_fields``.
|
2014-03-03 10:56:11 +00:00
|
|
|
|
|
2016-01-24 21:26:11 +00:00
|
|
|
|
``ModelAdmin``
|
|
|
|
|
~~~~~~~~~~~~~~
|
2014-03-03 10:56:11 +00:00
|
|
|
|
|
|
|
|
|
The following checks are performed on any
|
|
|
|
|
:class:`~django.contrib.admin.ModelAdmin` that is registered
|
|
|
|
|
with the admin site:
|
|
|
|
|
|
|
|
|
|
* **admin.E101**: The value of ``save_as`` must be a boolean.
|
|
|
|
|
* **admin.E102**: The value of ``save_on_top`` must be a boolean.
|
|
|
|
|
* **admin.E103**: The value of ``inlines`` must be a list or tuple.
|
2014-06-06 19:19:20 +00:00
|
|
|
|
* **admin.E104**: ``<InlineModelAdmin class>`` must inherit from
|
2016-08-24 21:34:32 +00:00
|
|
|
|
``InlineModelAdmin``.
|
2014-03-03 10:56:11 +00:00
|
|
|
|
* **admin.E105**: ``<InlineModelAdmin class>`` must have a ``model`` attribute.
|
2014-06-06 19:19:20 +00:00
|
|
|
|
* **admin.E106**: The value of ``<InlineModelAdmin class>.model`` must be a
|
|
|
|
|
``Model``.
|
2014-03-03 10:56:11 +00:00
|
|
|
|
* **admin.E107**: The value of ``list_display`` must be a list or tuple.
|
2023-04-04 14:11:11 +00:00
|
|
|
|
* **admin.E108**: The value of ``list_display[n]`` refers to ``<label>``, which
|
|
|
|
|
is not a callable or attribute of ``<ModelAdmin class>``, or an attribute,
|
|
|
|
|
method, or field on ``<model>``.
|
2023-04-24 11:14:35 +00:00
|
|
|
|
* **admin.E109**: The value of ``list_display[n]`` must not be a many-to-many
|
|
|
|
|
field or a reverse foreign key.
|
2014-06-06 19:19:20 +00:00
|
|
|
|
* **admin.E110**: The value of ``list_display_links`` must be a list, a tuple,
|
|
|
|
|
or ``None``.
|
|
|
|
|
* **admin.E111**: The value of ``list_display_links[n]`` refers to ``<label>``,
|
|
|
|
|
which is not defined in ``list_display``.
|
2014-03-03 10:56:11 +00:00
|
|
|
|
* **admin.E112**: The value of ``list_filter`` must be a list or tuple.
|
2014-06-06 19:19:20 +00:00
|
|
|
|
* **admin.E113**: The value of ``list_filter[n]`` must inherit from
|
|
|
|
|
``ListFilter``.
|
|
|
|
|
* **admin.E114**: The value of ``list_filter[n]`` must not inherit from
|
|
|
|
|
``FieldListFilter``.
|
|
|
|
|
* **admin.E115**: The value of ``list_filter[n][1]`` must inherit from
|
|
|
|
|
``FieldListFilter``.
|
|
|
|
|
* **admin.E116**: The value of ``list_filter[n]`` refers to ``<label>``,
|
|
|
|
|
which does not refer to a Field.
|
|
|
|
|
* **admin.E117**: The value of ``list_select_related`` must be a boolean,
|
|
|
|
|
tuple or list.
|
2014-03-03 10:56:11 +00:00
|
|
|
|
* **admin.E118**: The value of ``list_per_page`` must be an integer.
|
|
|
|
|
* **admin.E119**: The value of ``list_max_show_all`` must be an integer.
|
|
|
|
|
* **admin.E120**: The value of ``list_editable`` must be a list or tuple.
|
2014-06-06 19:19:20 +00:00
|
|
|
|
* **admin.E121**: The value of ``list_editable[n]`` refers to ``<label>``,
|
2021-03-03 13:59:45 +00:00
|
|
|
|
which is not a field of ``<model>``.
|
2014-06-06 19:19:20 +00:00
|
|
|
|
* **admin.E122**: The value of ``list_editable[n]`` refers to ``<label>``,
|
|
|
|
|
which is not contained in ``list_display``.
|
|
|
|
|
* **admin.E123**: The value of ``list_editable[n]`` cannot be in both
|
|
|
|
|
``list_editable`` and ``list_display_links``.
|
|
|
|
|
* **admin.E124**: The value of ``list_editable[n]`` refers to the first field
|
|
|
|
|
in ``list_display`` (``<label>``), which cannot be used unless
|
|
|
|
|
``list_display_links`` is set.
|
|
|
|
|
* **admin.E125**: The value of ``list_editable[n]`` refers to ``<field name>``,
|
|
|
|
|
which is not editable through the admin.
|
2014-03-03 10:56:11 +00:00
|
|
|
|
* **admin.E126**: The value of ``search_fields`` must be a list or tuple.
|
2014-06-06 19:19:20 +00:00
|
|
|
|
* **admin.E127**: The value of ``date_hierarchy`` refers to ``<field name>``,
|
2016-05-05 17:52:54 +00:00
|
|
|
|
which does not refer to a Field.
|
2014-06-06 19:19:20 +00:00
|
|
|
|
* **admin.E128**: The value of ``date_hierarchy`` must be a ``DateField`` or
|
|
|
|
|
``DateTimeField``.
|
2018-06-18 19:07:29 +00:00
|
|
|
|
* **admin.E129**: ``<modeladmin>`` must define a ``has_<foo>_permission()``
|
|
|
|
|
method for the ``<action>`` action.
|
2018-09-13 12:36:14 +00:00
|
|
|
|
* **admin.E130**: ``__name__`` attributes of actions defined in
|
2020-01-06 11:10:40 +00:00
|
|
|
|
``<modeladmin>`` must be unique. Name ``<name>`` is not unique.
|
2014-03-03 10:56:11 +00:00
|
|
|
|
|
2016-01-24 21:26:11 +00:00
|
|
|
|
``InlineModelAdmin``
|
|
|
|
|
~~~~~~~~~~~~~~~~~~~~
|
2014-03-03 10:56:11 +00:00
|
|
|
|
|
|
|
|
|
The following checks are performed on any
|
|
|
|
|
:class:`~django.contrib.admin.InlineModelAdmin` that is registered as an
|
|
|
|
|
inline on a :class:`~django.contrib.admin.ModelAdmin`.
|
|
|
|
|
|
2014-06-06 19:19:20 +00:00
|
|
|
|
* **admin.E201**: Cannot exclude the field ``<field name>``, because it is the
|
|
|
|
|
foreign key to the parent model ``<app_label>.<model>``.
|
|
|
|
|
* **admin.E202**: ``<model>`` has no ``ForeignKey`` to ``<parent model>``./
|
2019-12-16 21:16:39 +00:00
|
|
|
|
``<model>`` has more than one ``ForeignKey`` to ``<parent model>``. You must
|
|
|
|
|
specify a ``fk_name`` attribute.
|
2014-03-03 10:56:11 +00:00
|
|
|
|
* **admin.E203**: The value of ``extra`` must be an integer.
|
|
|
|
|
* **admin.E204**: The value of ``max_num`` must be an integer.
|
2014-03-05 20:19:40 +00:00
|
|
|
|
* **admin.E205**: The value of ``min_num`` must be an integer.
|
2014-06-06 19:19:20 +00:00
|
|
|
|
* **admin.E206**: The value of ``formset`` must inherit from
|
|
|
|
|
``BaseModelFormSet``.
|
2014-03-03 10:56:11 +00:00
|
|
|
|
|
2016-01-24 21:26:11 +00:00
|
|
|
|
``GenericInlineModelAdmin``
|
|
|
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
2014-03-08 03:24:13 +00:00
|
|
|
|
|
|
|
|
|
The following checks are performed on any
|
|
|
|
|
:class:`~django.contrib.contenttypes.admin.GenericInlineModelAdmin` that is
|
|
|
|
|
registered as an inline on a :class:`~django.contrib.admin.ModelAdmin`.
|
|
|
|
|
|
2014-06-06 19:19:20 +00:00
|
|
|
|
* **admin.E301**: ``'ct_field'`` references ``<label>``, which is not a field
|
|
|
|
|
on ``<model>``.
|
|
|
|
|
* **admin.E302**: ``'ct_fk_field'`` references ``<label>``, which is not a
|
|
|
|
|
field on ``<model>``.
|
|
|
|
|
* **admin.E303**: ``<model>`` has no ``GenericForeignKey``.
|
|
|
|
|
* **admin.E304**: ``<model>`` has no ``GenericForeignKey`` using content type
|
|
|
|
|
field ``<field name>`` and object ID field ``<field name>``.
|
2014-03-08 03:24:13 +00:00
|
|
|
|
|
2016-01-24 21:26:11 +00:00
|
|
|
|
``AdminSite``
|
|
|
|
|
~~~~~~~~~~~~~
|
2015-12-10 12:45:21 +00:00
|
|
|
|
|
|
|
|
|
The following checks are performed on the default
|
|
|
|
|
:class:`~django.contrib.admin.AdminSite`:
|
|
|
|
|
|
|
|
|
|
* **admin.E401**: :mod:`django.contrib.contenttypes` must be in
|
|
|
|
|
:setting:`INSTALLED_APPS` in order to use the admin application.
|
|
|
|
|
* **admin.E402**: :mod:`django.contrib.auth.context_processors.auth`
|
2018-08-20 21:57:46 +00:00
|
|
|
|
must be enabled in :class:`~django.template.backends.django.DjangoTemplates`
|
|
|
|
|
(:setting:`TEMPLATES`) if using the default auth backend in order to use the
|
|
|
|
|
admin application.
|
|
|
|
|
* **admin.E403**: A :class:`django.template.backends.django.DjangoTemplates`
|
|
|
|
|
instance must be configured in :setting:`TEMPLATES` in order to use the
|
|
|
|
|
admin application.
|
|
|
|
|
* **admin.E404**: ``django.contrib.messages.context_processors.messages``
|
|
|
|
|
must be enabled in :class:`~django.template.backends.django.DjangoTemplates`
|
|
|
|
|
(:setting:`TEMPLATES`) in order to use the admin application.
|
|
|
|
|
* **admin.E405**: :mod:`django.contrib.auth` must be in
|
|
|
|
|
:setting:`INSTALLED_APPS` in order to use the admin application.
|
|
|
|
|
* **admin.E406**: :mod:`django.contrib.messages` must be in
|
|
|
|
|
:setting:`INSTALLED_APPS` in order to use the admin application.
|
|
|
|
|
* **admin.E408**:
|
|
|
|
|
:class:`django.contrib.auth.middleware.AuthenticationMiddleware` must be in
|
|
|
|
|
:setting:`MIDDLEWARE` in order to use the admin application.
|
|
|
|
|
* **admin.E409**: :class:`django.contrib.messages.middleware.MessageMiddleware`
|
|
|
|
|
must be in :setting:`MIDDLEWARE` in order to use the admin application.
|
2019-04-04 10:02:47 +00:00
|
|
|
|
* **admin.E410**: :class:`django.contrib.sessions.middleware.SessionMiddleware`
|
|
|
|
|
must be in :setting:`MIDDLEWARE` in order to use the admin application.
|
2020-05-14 08:27:35 +00:00
|
|
|
|
* **admin.W411**: ``django.template.context_processors.request`` must be
|
|
|
|
|
enabled in :class:`~django.template.backends.django.DjangoTemplates`
|
|
|
|
|
(:setting:`TEMPLATES`) in order to use the admin navigation sidebar.
|
2014-03-03 10:56:11 +00:00
|
|
|
|
|
2017-01-05 00:53:23 +00:00
|
|
|
|
``auth``
|
|
|
|
|
--------
|
2014-03-03 10:56:11 +00:00
|
|
|
|
|
|
|
|
|
* **auth.E001**: ``REQUIRED_FIELDS`` must be a list or tuple.
|
2014-06-06 19:19:20 +00:00
|
|
|
|
* **auth.E002**: The field named as the ``USERNAME_FIELD`` for a custom user
|
|
|
|
|
model must not be included in ``REQUIRED_FIELDS``.
|
|
|
|
|
* **auth.E003**: ``<field>`` must be unique because it is named as the
|
|
|
|
|
``USERNAME_FIELD``.
|
|
|
|
|
* **auth.W004**: ``<field>`` is named as the ``USERNAME_FIELD``, but it is not
|
|
|
|
|
unique.
|
2016-04-06 02:58:22 +00:00
|
|
|
|
* **auth.E005**: The permission codenamed ``<codename>`` clashes with a builtin
|
|
|
|
|
permission for model ``<model>``.
|
|
|
|
|
* **auth.E006**: The permission codenamed ``<codename>`` is duplicated for model
|
|
|
|
|
``<model>``.
|
|
|
|
|
* **auth.E007**: The :attr:`verbose_name
|
|
|
|
|
<django.db.models.Options.verbose_name>` of model ``<model>`` must be at most
|
|
|
|
|
244 characters for its builtin permission names
|
|
|
|
|
to be at most 255 characters.
|
|
|
|
|
* **auth.E008**: The permission named ``<name>`` of model ``<model>`` is longer
|
|
|
|
|
than 255 characters.
|
2016-05-05 16:42:19 +00:00
|
|
|
|
* **auth.C009**: ``<User model>.is_anonymous`` must be an attribute or property
|
|
|
|
|
rather than a method. Ignoring this is a security issue as anonymous users
|
|
|
|
|
will be treated as authenticated!
|
|
|
|
|
* **auth.C010**: ``<User model>.is_authenticated`` must be an attribute or
|
|
|
|
|
property rather than a method. Ignoring this is a security issue as anonymous
|
|
|
|
|
users will be treated as authenticated!
|
2020-01-23 02:14:24 +00:00
|
|
|
|
* **auth.E011**: The name of model ``<model>`` must be at most 93 characters
|
|
|
|
|
for its builtin permission names to be at most 100 characters.
|
|
|
|
|
* **auth.E012**: The permission codenamed ``<codename>`` of model ``<model>``
|
|
|
|
|
is longer than 100 characters.
|
2014-03-03 10:56:11 +00:00
|
|
|
|
|
2017-01-05 00:53:23 +00:00
|
|
|
|
``contenttypes``
|
|
|
|
|
----------------
|
2014-03-03 10:56:11 +00:00
|
|
|
|
|
|
|
|
|
The following checks are performed when a model contains a
|
|
|
|
|
:class:`~django.contrib.contenttypes.fields.GenericForeignKey` or
|
|
|
|
|
:class:`~django.contrib.contenttypes.fields.GenericRelation`:
|
|
|
|
|
|
2014-06-06 19:19:20 +00:00
|
|
|
|
* **contenttypes.E001**: The ``GenericForeignKey`` object ID references the
|
2017-02-03 01:43:21 +00:00
|
|
|
|
nonexistent field ``<field>``.
|
2014-06-06 19:19:20 +00:00
|
|
|
|
* **contenttypes.E002**: The ``GenericForeignKey`` content type references the
|
2017-02-03 01:43:21 +00:00
|
|
|
|
nonexistent field ``<field>``.
|
2014-06-06 19:19:20 +00:00
|
|
|
|
* **contenttypes.E003**: ``<field>`` is not a ``ForeignKey``.
|
|
|
|
|
* **contenttypes.E004**: ``<field>`` is not a ``ForeignKey`` to
|
2014-09-05 16:16:30 +00:00
|
|
|
|
``contenttypes.ContentType``.
|
2017-06-15 20:44:20 +00:00
|
|
|
|
* **contenttypes.E005**: Model names must be at most 100 characters.
|
2014-03-03 10:56:11 +00:00
|
|
|
|
|
2017-09-27 14:58:33 +00:00
|
|
|
|
``postgres``
|
|
|
|
|
------------
|
|
|
|
|
|
|
|
|
|
The following checks are performed on :mod:`django.contrib.postgres` model
|
|
|
|
|
fields:
|
|
|
|
|
|
|
|
|
|
* **postgres.E001**: Base field for array has errors: ...
|
|
|
|
|
* **postgres.E002**: Base field for array cannot be a related field.
|
2017-08-17 23:21:35 +00:00
|
|
|
|
* **postgres.E003**: ``<field>`` default should be a callable instead of an
|
2019-10-17 09:36:39 +00:00
|
|
|
|
instance so that it's not shared between all field instances. *This check was
|
|
|
|
|
changed to* ``fields.E010`` *in Django 3.1*.
|
2022-08-03 09:42:51 +00:00
|
|
|
|
* **postgres.W004**: Base field for array has warnings: ...
|
2017-09-27 14:58:33 +00:00
|
|
|
|
|
2023-10-19 20:49:16 +00:00
|
|
|
|
.. _sites-system-checks:
|
|
|
|
|
|
2017-01-05 00:53:23 +00:00
|
|
|
|
``sites``
|
|
|
|
|
---------
|
2014-03-03 10:56:11 +00:00
|
|
|
|
|
|
|
|
|
The following checks are performed on any model using a
|
|
|
|
|
:class:`~django.contrib.sites.managers.CurrentSiteManager`:
|
|
|
|
|
|
2014-06-06 19:19:20 +00:00
|
|
|
|
* **sites.E001**: ``CurrentSiteManager`` could not find a field named
|
|
|
|
|
``<field name>``.
|
|
|
|
|
* **sites.E002**: ``CurrentSiteManager`` cannot use ``<field>`` as it is not a
|
2016-03-10 17:21:25 +00:00
|
|
|
|
foreign key or a many-to-many field.
|
2017-01-02 22:35:43 +00:00
|
|
|
|
|
2020-07-23 06:18:58 +00:00
|
|
|
|
The following checks verify that :mod:`django.contrib.sites` is correctly
|
|
|
|
|
configured:
|
|
|
|
|
|
|
|
|
|
* **sites.E101**: The :setting:`SITE_ID` setting must be an integer.
|
|
|
|
|
|
2017-01-02 22:35:43 +00:00
|
|
|
|
``staticfiles``
|
|
|
|
|
---------------
|
|
|
|
|
|
|
|
|
|
The following checks verify that :mod:`django.contrib.staticfiles` is correctly
|
|
|
|
|
configured:
|
|
|
|
|
|
|
|
|
|
* **staticfiles.E001**: The :setting:`STATICFILES_DIRS` setting is not a tuple
|
|
|
|
|
or list.
|
|
|
|
|
* **staticfiles.E002**: The :setting:`STATICFILES_DIRS` setting should not
|
|
|
|
|
contain the :setting:`STATIC_ROOT` setting.
|
2018-09-27 23:49:37 +00:00
|
|
|
|
* **staticfiles.E003**: The prefix ``<prefix>`` in the
|
|
|
|
|
:setting:`STATICFILES_DIRS` setting must not end with a slash.
|
2021-02-26 12:23:26 +00:00
|
|
|
|
* **staticfiles.W004**: The directory ``<directory>`` in the
|
|
|
|
|
:setting:`STATICFILES_DIRS` does not exist.
|
2023-07-17 12:41:33 +00:00
|
|
|
|
* **staticfiles.E005**: The :setting:`STORAGES` setting must define a
|
|
|
|
|
``staticfiles`` storage.
|