系統(tǒng)檢查框架是一組用于驗(yàn)證Django項(xiàng)目的靜態(tài)檢查建炫。 它檢測(cè)常見問(wèn)題并提供如何修復(fù)它們的提示元媚≈晌椋框架是可擴(kuò)展的弯予，因此您可以輕松添加自定義的檢查戚宦。

有關(guān)如何添加自定義檢查并將其與Django的系統(tǒng)檢查集成的詳細(xì)信息个曙，請(qǐng)參閱 System check topic guide。

API參考

CheckMessage

  class django.core.checks.CheckMessage(level, msg, hint=None, obj=None, id=None)

系統(tǒng)檢查引起的警告和錯(cuò)誤必須是 CheckMessage 的實(shí)例。 這個(gè)實(shí)例封裝了一個(gè)單一的可重復(fù)使用的錯(cuò)誤和警告垦搬。 它還提供了用于消息的上下文和提示呼寸，以及用于過(guò)濾的惟一標(biāo)識(shí)符。

構(gòu)造函數(shù)的參數(shù):

level
信息的嚴(yán)重性猴贰。使用一個(gè)預(yù)定義值: DEBUG, INFO, WARNING, ERROR, CRITICAL. 如果級(jí)別大于或等于 ERROR对雪， 則Django將阻止管理命令執(zhí)行。如果消息等級(jí)下雨 ERROR (i.e. warnings) 將報(bào)告給控制臺(tái), 但不做其他處理米绕。

msg
對(duì)問(wèn)題簡(jiǎn)短描述的字符串 (少于 80 個(gè)字符)瑟捣，字符串不能包含換行符。

hint
為解決問(wèn)題提供提示的單行字符串胡嘿。如果沒(méi)有提供任何提示永部， 或者提示從錯(cuò)誤消息中可以明顯看出治力，則提示可以省略，或者用None桑李。

obj

可選。為消息提供上下文的對(duì)象(例如窿给，發(fā)現(xiàn)問(wèn)題的模型)贵白。對(duì)象應(yīng)該是一個(gè)模型、字段崩泡、管理器或定義 了 __str__ 方法的任何其他對(duì)象(在Python 2中禁荒，您需要定義 __unicode__ 方法)。 在報(bào)告所有消息時(shí)使用該方法允华。

id
可選字符串圈浇，問(wèn)題的唯一標(biāo)示。標(biāo)識(shí)符應(yīng)該遵循這種模式 applabel.X001 靴寂。X 是一個(gè) CEWID 的一個(gè)字母磷蜀，表示消息嚴(yán)重程度( C 代表 CRITICAL, E 代表 ERROR 等。) 這個(gè)數(shù)字可以由應(yīng)用程序任意分配百炬，但在應(yīng)用程序中應(yīng)該是唯一的褐隆。

有子類可以使創(chuàng)建具有公共級(jí)別的消息更加容易。在使用它們時(shí)剖踊，您可以省略 level 參數(shù)庶弃，因?yàn)樗怯深惷[含的

  class django.core.checks.Debug(msg, hint=None, obj=None, id=None
  class django.core.checks.Info(msg, hint=None, obj=None, id=None)
  class django.core.checks.Warning(msg, hint=None obj=None, id=None)
  class django.core.checks.Error(msg, hint=None, obj=None, id=None)
  class django.core.checks.Critical(msg, hint=None, obj=None, id=None)

內(nèi)建檢查

內(nèi)建

Django的系統(tǒng)檢查使用以下標(biāo)記:

• models: 檢查管理模型，字段和管理器定義德澈。
• signals: 檢查信號(hào)聲明和處理程序注冊(cè)歇攻。
• admin: 檢查所有管理網(wǎng)站聲明。
• compatibility: 標(biāo)記版本升級(jí)的潛在問(wèn)題梆造。
• security: 檢查安全相關(guān)的配置缴守。
• templates: 檢查模板相關(guān)配置。
• caches: 檢查緩存相關(guān)配置。
• urls: 檢查路由相關(guān)配置屡穗。
• database: 檢查數(shù)據(jù)庫(kù)配置相關(guān)問(wèn)題贴捡。數(shù)據(jù)庫(kù)檢查并不是以默認(rèn)方式運(yùn)行，因?yàn)樗鼈儽褥o態(tài)的代碼分析做的更多村砂。 它們只由 migrate 命令運(yùn)行烂斋，或者在調(diào)用 check 命令時(shí)指定數(shù)據(jù)庫(kù)標(biāo)記。

database tag 在再1.10版本開始加入的础废。

某些檢查可能會(huì)向多個(gè)標(biāo)簽注冊(cè)汛骂。

核心系統(tǒng)檢查

Models

• models.E001: <swappable> 格式不是 app_label.app_name.
• models.E002: <SETTING> 引用的 <model> 沒(méi)有被 installed,或者是抽象的。
• models.E003: 該模型通過(guò)中介模型 <app_label>.<model> 有兩個(gè)多對(duì)多關(guān)系评腺。
• models.E004: id 只能用于設(shè)置了 primary_key=True 的字段名稱香缺。
• models.E005: <model> 中的字段 <field name> 有沖突。
• models.E006: 該字段和模型 <model> 中的字段 <field name> 存在沖突歇僧。
• models.E007: 字段 <field name> 的列名 <column name> 已經(jīng)被其他字段使用了图张。
• models.E008: index_together 必須是列表或者元組。
• models.E009: 所有 index_together 必須是列表或者元組诈悍。
• models.E010: unique_together 必須是列表或者元組祸轮。
• models.E011: 所有 unique_together 必須是列表或者元組。
• models.E012: index_together/unique_together 關(guān)聯(lián)到了不存在的字段名 <field name>侥钳。
• models.E013: index_together/unique_together 關(guān)聯(lián)了 ManyToManyField <field name>, 但是 ManyToManyField 不支持該選項(xiàng)适袜。
• models.E014: ordering 必須是列表或者元組 ( 即使你只想按一個(gè)字段排序)。
• models.E015: ordering 關(guān)聯(lián)到了一個(gè)存在的 <field name>舷夺。
• models.E016: index_together/unique_together 關(guān)聯(lián)的字段 <field_name> 不在本地模型 <model>中苦酱。
• models.E017: 代理模型 <model> 不能有模型字段。
• models.E018: 字段 <field> 的自動(dòng)生成列名過(guò)長(zhǎng)给猾。數(shù)據(jù)庫(kù) <alias> 中的最大長(zhǎng)度是 <maximum length>疫萤。
• models.E019: M2M字段 <M2M field> 的自動(dòng)生成列名過(guò)長(zhǎng)。 數(shù)據(jù)庫(kù) <alias> 中的最大長(zhǎng)度是 <maximum length>敢伸。
• models.E020: <model>.check() 類方法當(dāng)前被覆蓋扯饶。
• models.E021: ordering 和 order_with_respect_to 不能同時(shí)使用。
• models.E022: <function> 包含了 <app label>.<model> 的惰性引用, 但是應(yīng)用 <app label> 沒(méi)有install或者沒(méi)有模型 <model> 池颈。

字段

• fields.E001: 字段名稱不能以下劃線結(jié)尾尾序。
• fields.E002: 字段名稱不能包含”__” 。
• fields.E003: pk 是不能用作字段名稱的保留字躯砰。
• fields.E004: choices 必須是可迭代的 (e.g., 元組或者列表).
• fields.E005: choices 必須是可迭代的返回 (實(shí)際值,易讀值) 元組每币。
• fields.E006: db_index 必須是 None, True 或者 False。
• fields.E007: 主鍵必須設(shè)置 null=True琢歇。
• fields.E100: AutoField 必須設(shè)置 primary_key=True.
• fields.E110: BooleanField 不接受null兰怠。
• fields.E120: CharField 必須定義 max_length 屬性则北。
• fields.E121: max_length 必須是正整數(shù)。
• fields.W122: 使用 IntegerField 時(shí)可忽略 max_length 痕慢。
• fields.E130: DecimalField 必須定義 decimal_places 屬性。
• fields.E131: decimal_places 必須是非負(fù)整數(shù)涌矢。
• fields.E132: DecimalField 必須定義 ``max_digits` 屬性掖举。
• fields.E133: max_digits 必須是非負(fù)整數(shù)。
• fields.E134: max_digits 必須大于等于 decimal_places娜庇。
• fields.E140: FilePathField 必須設(shè)置 allow_files 或者 allow_folders 為True塔次。
• fields.E150: GenericIPAddressField 如果不允許空值, 則不能接受空值，名秀，因?yàn)榭罩荡鎯?chǔ)為null励负。
• fields.E160: 選項(xiàng) auto_now, auto_now_add 和 default 是互斥的。這些選項(xiàng)中只能有一個(gè)存在匕得。
• fields.W161: 提供固定的默認(rèn)值继榆。
• fields.E900: IPAddressField 已被刪除，僅在歷史遷移中支持汁掠。
• fields.W900: IPAddressField 已被棄用略吨。對(duì)它的支持（除了歷史遷移）將在Django 1.9中刪除。 * 這個(gè)檢查只在 Django 1.7 和 1.8 中* 考阱。
• fields.W901: CommaSeparatedIntegerField 已棄用翠忠。對(duì)它的支持(除了在歷史遷移)將在Django 2.0中刪除。

文件字段

• fields.E200: unique 不是 FileField 的合法參數(shù)乞榨。
• fields.E201: primary_key 不是 FileField 的合法參數(shù)秽之。
• fields.E210: 由于 Pillow 沒(méi)有安裝，所以 ImageField 無(wú)法使用吃既。

關(guān)系字段

• fields.E300: 字段定義的關(guān)系模型 <model> 沒(méi)有install或者是抽象的考榨。
• fields.E301: 字段定義的關(guān)系模型 <model> 已經(jīng)換出。
• fields.E302: 訪問(wèn)字段 <field name> 與字段 <field name> 沖突鹦倚。
• fields.E303: 反向查詢字段 <field name> 與字段 <field name> 沖突董虱。
• fields.E304: 字段 <field name> 與訪問(wèn)字段 <field name> 沖突。
• fields.E305: 字段 <field name> 與反向查詢字段 <field name> 沖突申鱼。
• fields.E306: 關(guān)系名必須是Python標(biāo)識(shí)符愤诱，或者以 '+' 結(jié)尾。
• fields.E307: 字段 <app label>.<model>.<field name> 是惰性關(guān)聯(lián)到模型 <app label>.<model>, 但是應(yīng)用 <app label> 并沒(méi)有install,或是沒(méi)有此模型 <model>捐友。
• fields.E310: No subset of the fields <field1>, <field2>, … on model <model> is unique. Add unique=True on any of those fields or add at least a subset of them to a unique_together constraint.
• fields.E311: <model> must set unique=True because it is referenced by a ForeignKey.
• fields.E320: Field specifies on_delete=SET_NULL, but cannot be null.
• fields.E321: The field specifies on_delete=SET_DEFAULT, but has no default value.
• fields.E330: ManyToManyFields cannot be unique.
• fields.E331: Field specifies a many-to-many relation through model <model>, which has not been installed.
• fields.E332: Many-to-many fields with intermediate tables must not be symmetrical.
• fields.E333: The model is used as an intermediate model by <model>, but it has more than two foreign keys to <model>, which is ambiguous. You must specify which two foreign keys Django should use via the through_fields keyword argument.
• fields.E334: The model is used as an intermediate model by <model>, but it has more than one foreign key from <model>, which is ambiguous. You must specify which foreign key Django should use via the through_fields keyword argument.
• fields.E335: The model is used as an intermediate model by <model>, but it has more than one foreign key to <model>, which is ambiguous. You must specify which foreign key Django should use via the through_fields keyword argument.
• fields.E336: The model is used as an intermediary model by <model>, but it does not have foreign key to <model> or <model>.
• fields.E337: Field specifies through_fields but does not provide the names of the two link fields that should be used for the relation through <model>.
• fields.E338: The intermediary model <through model> has no field <field name>.
• fields.E339: <model>.<field name> is not a foreign key to <model>.
• fields.W340: null has no effect on ManyToManyField.
• fields.W341: ManyToManyField does not support validators.
• fields.W342: Setting unique=True on a ForeignKey has the same effect as using a OneToOneField.

Signals

• signals.E001: <handler> was connected to the <signal> signal with a lazy reference to the sender <app label>.<model>, but app <app label> isn’t installed or doesn’t provide model <model>.

Backwards Compatibility

The following checks are performed to warn the user of any potential problems that might occur as a result of a version upgrade.

• 1_6.W001: Some project unit tests may not execute as expected. This check was removed in Django 1.8 due to false positives.
• 1_6.W002: BooleanField does not have a default value. This check was removed in Django 1.8 due to false positives.
• 1_7.W001: Django 1.7 changed the global defaults for the MIDDLEWARE_CLASSES.``django.contrib.sessions.middleware.SessionMiddleware,django.contrib.auth.middleware.AuthenticationMiddleware, anddjango.contrib.messages.middleware.MessageMiddleware were removed from the defaults. If your project needs these middleware then you should configure this setting. This check was removed in Django 1.9.
• 1_8.W001: The standalone TEMPLATE_* settings were deprecated in Django 1.8 and the TEMPLATES dictionary takes precedence. You must put the values of the following settings into your defaults TEMPLATES dict: TEMPLATE_DIRS, TEMPLATE_CONTEXT_PROCESSORS, TEMPLATE_DEBUG,TEMPLATE_LOADERS, TEMPLATE_STRING_IF_INVALID.
• 1_10.W001: The MIDDLEWARE_CLASSES setting is deprecated in Django 1.10 and the MIDDLEWAREsetting takes precedence. Since you’ve set MIDDLEWARE, the value of MIDDLEWARE_CLASSES is ignored.

Admin

Admin checks are all performed as part of the admin tag.

The following checks are performed on any ModelAdmin (or subclass) that is registered with the admin site:

• admin.E001: The value of raw_id_fields must be a list or tuple.
• admin.E002: The value of raw_id_fields[n] refers to <field name>, which is not an attribute of <model>.
• admin.E003: The value of raw_id_fields[n] must be a foreign key or a many-to-many field.
• admin.E004: The value of fields must be a list or tuple.
• admin.E005: Both fieldsets and fields are specified.
• admin.E006: The value of fields contains duplicate field(s).
• admin.E007: The value of fieldsets must be a list or tuple.
• admin.E008: The value of fieldsets[n] must be a list or tuple.
• admin.E009: The value of fieldsets[n] must be of length 2.
• admin.E010: The value of fieldsets[n][1] must be a dictionary.
• admin.E011: The value of fieldsets[n][1] must contain the key fields.
• admin.E012: There are duplicate field(s) in fieldsets[n][1].
• admin.E013: fields[n]/fieldsets[n][m] cannot include the ManyToManyField <field name>, because that field manually specifies a relationship model.
• admin.E014: The value of exclude must be a list or tuple.
• admin.E015: The value of exclude contains duplicate field(s).
• admin.E016: The value of form must inherit from BaseModelForm.
• admin.E017: The value of filter_vertical must be a list or tuple.
• admin.E018: The value of filter_horizontal must be a list or tuple.
• admin.E019: The value of filter_vertical[n]/filter_vertical[n] refers to <field name>, which is not an attribute of <model>.
• admin.E020: The value of filter_vertical[n]/filter_vertical[n] must be a many-to-many field.
• admin.E021: The value of radio_fields must be a dictionary.
• admin.E022: The value of radio_fields refers to <field name>, which is not an attribute of <model>.
• admin.E023: The value of radio_fields refers to <field name>, which is not a ForeignKey, and does not have a choices definition.
• admin.E024: The value of radio_fields[<field name>] must be either admin.HORIZONTAL or admin.VERTICAL.
• admin.E025: The value of view_on_site must be either a callable or a boolean value.
• admin.E026: The value of prepopulated_fields must be a dictionary.
• admin.E027: The value of prepopulated_fields refers to <field name>, which is not an attribute of <model>.
• admin.E028: The value of prepopulated_fields refers to <field name>, which must not be a DateTimeField, a ForeignKey, or a ManyToManyField field.
• admin.E029: The value of prepopulated_fields[<field name>] must be a list or tuple.
• admin.E030: The value of prepopulated_fields refers to <field name>, which is not an attribute of <model>.
• admin.E031: The value of ordering must be a list or tuple.
• admin.E032: The value of ordering has the random ordering marker ?, but contains other fields as well.
• admin.E033: The value of ordering refers to <field name>, which is not an attribute of <model>.
• admin.E034: The value of readonly_fields must be a list or tuple.
• admin.E035: The value of readonly_fields[n] is not a callable, an attribute of <ModelAdmin class>, or an attribute of <model>.

ModelAdmin

The following checks are performed on any ModelAdmin that is registered with the admin site:

• admin.E101: The value of save_as must be a boolean.
• admin.E102: The value of save_on_top must be a boolean.
• admin.E103: The value of inlines must be a list or tuple.
• admin.E104: <InlineModelAdmin class> must inherit from BaseModelAdmin.
• admin.E105: <InlineModelAdmin class> must have a model attribute.
• admin.E106: The value of <InlineModelAdmin class>.model must be a Model.
• admin.E107: The value of list_display must be a list or tuple.
• admin.E108: The value of list_display[n] refers to <label>, which is not a callable, an attribute of <ModelAdmin class>, or an attribute or method on <model>.
• admin.E109: The value of list_display[n] must not be a ManyToManyField field.
• admin.E110: The value of list_display_links must be a list, a tuple, or None.
• admin.E111: The value of list_display_links[n] refers to <label>, which is not defined in list_display.
• admin.E112: The value of list_filter must be a list or tuple.
• admin.E113: The value of list_filter[n] must inherit from ListFilter.
• admin.E114: The value of list_filter[n] must not inherit from FieldListFilter.
• admin.E115: The value of list_filter[n][1] must inherit from FieldListFilter.
• admin.E116: The value of list_filter[n] refers to <label>, which does not refer to a Field.
• admin.E117: The value of list_select_related must be a boolean, tuple or list.
• admin.E118: The value of list_per_page must be an integer.
• admin.E119: The value of list_max_show_all must be an integer.
• admin.E120: The value of list_editable must be a list or tuple.
• admin.E121: The value of list_editable[n] refers to <label>, which is not an attribute of <model>.
• admin.E122: The value of list_editable[n] refers to <label>, which is not contained in list_display.
• admin.E123: The value of list_editable[n] cannot be in both list_editable and list_display_links.
• admin.E124: The value of list_editable[n] refers to the first field in list_display (<label>), which cannot be used unless list_display_links is set.
• admin.E125: The value of list_editable[n] refers to <field name>, which is not editable through the admin.
• admin.E126: The value of search_fields must be a list or tuple.
• admin.E127: The value of date_hierarchy refers to <field name>, which is not an attribute of <model>.
• admin.E128: The value of date_hierarchy must be a DateField or DateTimeField.

InlineModelAdmin

The following checks are performed on any InlineModelAdmin that is registered as an inline on a ModelAdmin.

• admin.E201: Cannot exclude the field <field name>, because it is the foreign key to the parent model <app_label>.<model>.
• admin.E202: <model> has no ForeignKey to <parent model>./ <model> has more than one ForeignKey to <parent model>.
• admin.E203: The value of extra must be an integer.
• admin.E204: The value of max_num must be an integer.
• admin.E205: The value of min_num must be an integer.
• admin.E206: The value of formset must inherit from BaseModelFormSet.

GenericInlineModelAdmin

The following checks are performed on any GenericInlineModelAdmin that is registered as an inline on a ModelAdmin.

• admin.E301: 'ct_field' references <label>, which is not a field on <model>.
• admin.E302: 'ct_fk_field' references <label>, which is not a field on <model>.
• admin.E303: <model> has no GenericForeignKey.
• admin.E304: <model> has no GenericForeignKey using content type field <field name> and object ID field <field name>.

AdminSite

The following checks are performed on the default AdminSite:

• admin.E401: django.contrib.contenttypes must be in INSTALLED_APPS in order to use the admin application.
• admin.E402: django.contrib.auth.context_processors.auth must be in TEMPLATES in order to use the admin application.

Auth

• auth.E001: REQUIRED_FIELDS must be a list or tuple.
• auth.E002: The field named as the USERNAME_FIELD for a custom user model must not be included in REQUIRED_FIELDS.
• auth.E003: <field> must be unique because it is named as the USERNAME_FIELD.
• auth.W004: <field> is named as the USERNAME_FIELD, but it is not unique.
• auth.E005: The permission codenamed <codename> clashes with a builtin permission for model <model>.
• auth.E006: The permission codenamed <codename> is duplicated for model <model>.
• auth.E007: The verbose_name of model <model> must be at most 244 characters for its builtin permission names to be at most 255 characters.
• auth.E008: The permission named <name> of model <model> is longer than 255 characters.
• auth.C009: <User model>.is_anonymous must be an attribute or property rather than a method. Ignoring this is a security issue as anonymous users will be treated as authenticated!
• auth.C010: <User model>.is_authenticated must be an attribute or property rather than a method. Ignoring this is a security issue as anonymous users will be treated as authenticated!

Content Types

The following checks are performed when a model contains a GenericForeignKey or GenericRelation:

• contenttypes.E001: The GenericForeignKey object ID references the non-existent field <field>.
• contenttypes.E002: The GenericForeignKey content type references the non-existent field <field>.
• contenttypes.E003: <field> is not a ForeignKey.
• contenttypes.E004: <field> is not a ForeignKey to contenttypes.ContentType.

Security

The security checks do not make your site secure. They do not audit code, do intrusion detection, or do anything particularly complex. Rather, they help perform an automated, low-hanging-fruit checklist. They help you remember the simple things that improve your site’s security.

Some of these checks may not be appropriate for your particular deployment configuration. For instance, if you do your HTTP to HTTPS redirection in a load balancer, it’d be irritating to be constantly warned about not having enabled SECURE_SSL_REDIRECT. Use SILENCED_SYSTEM_CHECKS to silence unneeded checks.

The following checks are run if you use the check --deploy option:

• security.W001: You do not have django.middleware.security.SecurityMiddleware in yourMIDDLEWARE/MIDDLEWARE_CLASSES so the SECURE_HSTS_SECONDS, SECURE_CONTENT_TYPE_NOSNIFF, SECURE_BROWSER_XSS_FILTER, and SECURE_SSL_REDIRECT settings will have no effect.
• security.W002: You do not have django.middleware.clickjacking.XFrameOptionsMiddleware in yourMIDDLEWARE/MIDDLEWARE_CLASSES, so your pages will not be served with an 'x-frame-options'header. Unless there is a good reason for your site to be served in a frame, you should consider enabling this header to help prevent clickjacking attacks.
• security.W003: You don’t appear to be using Django’s built-in cross-site request forgery protection via the middleware (django.middleware.csrf.CsrfViewMiddleware is not in yourMIDDLEWARE/MIDDLEWARE_CLASSES). Enabling the middleware is the safest approach to ensure you don’t leave any holes.
• security.W004: You have not set a value for the SECURE_HSTS_SECONDS setting. If your entire site is served only over SSL, you may want to consider setting a value and enabling HTTP Strict Transport Security. Be sure to read the documentation first; enabling HSTS carelessly can cause serious, irreversible problems.
• security.W005: You have not set the SECURE_HSTS_INCLUDE_SUBDOMAINS setting to True. Without this, your site is potentially vulnerable to attack via an insecure connection to a subdomain. Only set this to True if you are certain that all subdomains of your domain should be served exclusively via SSL.
• security.W006: Your SECURE_CONTENT_TYPE_NOSNIFF setting is not set to True, so your pages will not be served with an 'x-content-type-options: nosniff' header. You should consider enabling this header to prevent the browser from identifying content types incorrectly.
• security.W007: Your SECURE_BROWSER_XSS_FILTER setting is not set to True, so your pages will not be served with an 'x-xss-protection: 1; mode=block' header. You should consider enabling this header to activate the browser’s XSS filtering and help prevent XSS attacks.
• security.W008: Your SECURE_SSL_REDIRECT setting is not set to True. Unless your site should be available over both SSL and non-SSL connections, you may want to either set this setting to True or configure a load balancer or reverse-proxy server to redirect all connections to HTTPS.
• security.W009: Your SECRET_KEY has less than 50 characters or less than 5 unique characters. Please generate a long and random SECRET_KEY, otherwise many of Django’s security-critical features will be vulnerable to attack.
• security.W010: You have django.contrib.sessions in your INSTALLED_APPS but you have not setSESSION_COOKIE_SECURE to True. Using a secure-only session cookie makes it more difficult for network traffic sniffers to hijack user sessions.
• security.W011: You have django.contrib.sessions.middleware.SessionMiddleware in yourMIDDLEWARE/MIDDLEWARE_CLASSES, but you have not set SESSION_COOKIE_SECURE to True. Using a secure-only session cookie makes it more difficult for network traffic sniffers to hijack user sessions.
• security.W012: SESSION_COOKIE_SECURE is not set to True. Using a secure-only session cookie makes it more difficult for network traffic sniffers to hijack user sessions.
• security.W013: You have django.contrib.sessions in your INSTALLED_APPS, but you have not setSESSION_COOKIE_HTTPONLY to True. Using an HttpOnly session cookie makes it more difficult for cross-site scripting attacks to hijack user sessions.
• security.W014: You have django.contrib.sessions.middleware.SessionMiddleware in yourMIDDLEWARE/MIDDLEWARE_CLASSES, but you have not set SESSION_COOKIE_HTTPONLY to True. Using an HttpOnly session cookie makes it more difficult for cross-site scripting attacks to hijack user sessions.
• security.W015: SESSION_COOKIE_HTTPONLY is not set to True. Using an HttpOnly session cookie makes it more difficult for cross-site scripting attacks to hijack user sessions.
• security.W016: CSRF_COOKIE_SECURE is not set to True. Using a secure-only CSRF cookie makes it more difficult for network traffic sniffers to steal the CSRF token.
• security.W017: CSRF_COOKIE_HTTPONLY is not set to True. Using an HttpOnly CSRF cookie makes it more difficult for cross-site scripting attacks to steal the CSRF token.
• security.W018: You should not have DEBUG set to True in deployment.
• security.W019: You have django.middleware.clickjacking.XFrameOptionsMiddleware in yourMIDDLEWARE/MIDDLEWARE_CLASSES, but X_FRAME_OPTIONS is not set to 'DENY'. The default is 'SAMEORIGIN', but unless there is a good reason for your site to serve other parts of itself in a frame, you should change it to 'DENY'.
• security.W020: ALLOWED_HOSTS must not be empty in deployment.

Sites

The following checks are performed on any model using a CurrentSiteManager:

• sites.E001: CurrentSiteManager could not find a field named <field name>.
• sites.E002: CurrentSiteManager cannot use <field> as it is not a foreign key or a many-to-many field.

Database

MySQL

If you’re using MySQL, the following checks will be performed:

• mysql.E001: MySQL does not allow unique CharFields to have a max_length > 255.
• mysql.W002: MySQL Strict Mode is not set for database connection ‘<alias>’. See also Setting sql_mode.

Templates

The following checks verify that your TEMPLATES setting is correctly configured:

• templates.E001: You have 'APP_DIRS': True in your TEMPLATES but also specify 'loaders' in OPTIONS. Either remove APP_DIRS or remove the 'loaders' option.
• templates.E002: string_if_invalid in TEMPLATES OPTIONS must be a string but got: {value}({type}).

Caches

The following checks verify that your CACHES setting is correctly configured:

• caches.E001: You must define a 'default' cache in your CACHES setting.

URLs

The following checks are performed on your URL configuration:

• urls.W001: Your URL pattern <pattern> uses include() with a regex ending with a $. Remove the dollar from the regex to avoid problems including URLs.
• urls.W002: Your URL pattern <pattern> has a regex beginning with a /. Remove this slash as it is unnecessary. If this pattern is targeted in an include(), ensure the include() pattern has a trailing /.
• urls.W003: Your URL pattern <pattern> has a name including a :. Remove the colon, to avoid ambiguous namespace references.
• urls.E004: Your URL pattern <pattern> is invalid. Ensure that urlpatterns is a list of url()instances.

文章來(lái)源：https://django-chinese-doc.readthedocs.io/zh_CN/latest/ref/checks.html#django.core.checks.CheckMessage