manage.py check --deploy do in Django?
When you run manage.py check --deploy in a Django project, what is the main purpose of this command?
Think about what 'check' commands usually do and what '--deploy' might imply.
The manage.py check --deploy command runs a set of security checks to help you find common deployment mistakes in your Django settings. It does not fix issues automatically or start servers.
manage.py check --deploy to warn about missing HTTPS?
Given the following Django settings, which one will cause manage.py check --deploy to raise a warning about HTTPS security?
SECURE_SSL_REDIRECT = False
SESSION_COOKIE_SECURE = False
CSRF_COOKIE_SECURE = False
SECURE_HSTS_SECONDS = 0
Which setting controls redirecting HTTP to HTTPS?
If SECURE_SSL_REDIRECT is False, Django warns that HTTP requests are not redirected to HTTPS, which is a security risk.
manage.py check --deploy warn about DEBUG=True?
Consider a Django project with DEBUG = True in production. What is the reason manage.py check --deploy warns about this?
Think about what happens when an error occurs and DEBUG is on.
When DEBUG=True, Django shows detailed error pages with stack traces and environment info. This can reveal secrets to attackers, so it is unsafe in production.
SECURE_HSTS_SECONDS to a positive value?
In Django settings, what happens when you set SECURE_HSTS_SECONDS to a positive integer like 3600?
Think about what HSTS means in web security.
HSTS (HTTP Strict Transport Security) tells browsers to only use HTTPS for your site for the specified time, improving security by preventing downgrade attacks.
To protect cookies from being accessed by JavaScript (helping prevent XSS attacks), which Django setting should be set to True?
Which cookie flag blocks JavaScript access?
Setting SESSION_COOKIE_HTTPONLY=True marks the cookie as HttpOnly, so JavaScript cannot read it, reducing the risk of cross-site scripting attacks.