System check framework

The system check framework is a set of static checks for validating Djangoprojects. It detects common problems and provides hints for how to fix them.The framework is extensible so you can easily add your own checks.

For details on how to add your own checks and integrate them with Django'ssystem checks, see the System check topic guide.

API reference

CheckMessage

  • class CheckMessage(level, msg, hint=None, obj=None, id=None)[source]
  • The warnings and errors raised by system checks must be instances ofCheckMessage. An instance encapsulates a single reportable error orwarning. It also provides context and hints applicable to the message, and aunique identifier that is used for filtering purposes.

Constructor arguments are:

  • level
  • The severity of the message. Use one of the predefined values: DEBUG,INFO, WARNING, ERROR, CRITICAL. If the level is greater orequal to ERROR, then Django will prevent management commands fromexecuting. Messages with level lower than ERROR (i.e. warnings) arereported to the console, but can be silenced.
  • msg
  • A short (less than 80 characters) string describing the problem. The stringshould not contain newlines.
  • hint
  • A single-line string providing a hint for fixing the problem. If no hintcan be provided, or the hint is self-evident from the error message, thehint can be omitted, or a value of None can be used.
  • obj
  • Optional. An object providing context for the message (for example, themodel where the problem was discovered). The object should be a model,field, or manager or any other object that defines a str() method.The method is used while reporting all messages and its result precedes themessage.
  • id

  • Optional string. A unique identifier for the issue. Identifiers shouldfollow the pattern applabel.X001, where X is one of the lettersCEWID, indicating the message severity (C for criticals, E forerrors and so). The number can be allocated by the application, but shouldbe unique within that application.There are subclasses to make creating messages with common levels easier. Whenusing them you can omit the level argument because it is implied by theclass name.

  • class Debug(msg, hint=None, obj=None, id=None)[source]

  • class Info(msg, hint=None, obj=None, id=None)[source]
  • class Warning(msg, hint=None obj=None, id=None)[source]
  • class Error(msg, hint=None, obj=None, id=None)[source]
  • class Critical(msg, hint=None, obj=None, id=None)[source]

Builtin tags

Django's system checks are organized using the following tags:

  • admin: Checks of any admin site declarations.
  • caches: Checks cache related configuration.
  • compatibility: Flags potential problems with version upgrades.
  • database: Checks database-related configuration issues. Database checksare not run by default because they do more than static code analysis asregular checks do. They are only run by the migrate command or ifyou specify the database tag when calling the check command.
  • models: Checks of model, field, and manager definitions.
  • security: Checks security related configuration.
  • signals: Checks on signal declarations and handler registrations.
  • staticfiles: Checks django.contrib.staticfiles configuration.
  • templates: Checks template related configuration.
  • urls: Checks URL configuration.Some checks may be registered with multiple tags.

Core system checks

Backwards compatibility

Compatibility checks warn of potential problems that might occur afterupgrading Django.

  • 2_0.W001: Your URL pattern <pattern> has a route that contains(?P<, begins with a ^, or ends with a $. This was likely anoversight when migrating from url() to path().

Caches

The following checks verify that your CACHES setting is correctlyconfigured:

  • caches.E001: You must define a 'default' cache in yourCACHES setting.

Database

MySQL

If you're using MySQL, the following checks will be performed:

  • mysql.E001: MySQL does not allow unique CharFields to have amax_length > 255.
  • mysql.W002: MySQL Strict Mode is not set for database connection''. See also Setting sql_mode.

Model fields

  • fields.E001: Field names must not end with an underscore.
  • fields.E002: Field names must not contain "__".
  • fields.E003: pk is a reserved word that cannot be used as a fieldname.
  • fields.E004: choices must be an iterable (e.g., a list or tuple).
  • fields.E005: choices must be an iterable returning (actual value,human readable name) tuples.
  • fields.E006: db_index must be None, True or False.
  • fields.E007: Primary keys must not have null=True.
  • fields.E008: All validators must be callable.
  • fields.E100: AutoFields must set primary_key=True.
  • fields.E110: BooleanFields do not accept null values.
  • fields.E120: CharFields must define a max_length attribute.
  • fields.E121: max_length must be a positive integer.
  • fields.W122: max_length is ignored when used with IntegerField.
  • fields.E130: DecimalFields must define a decimal_places attribute.
  • fields.E131: decimal_places must be a non-negative integer.
  • fields.E132: DecimalFields must define a max_digits attribute.
  • fields.E133: max_digits must be a non-negative integer.
  • fields.E134: max_digits must be greater or equal to decimal_places.
  • fields.E140: FilePathFields must have either allow_files orallow_folders set to True.
  • fields.E150: GenericIPAddressFields cannot accept blank values ifnull values are not allowed, as blank values are stored as nulls.
  • fields.E160: The options auto_now, auto_now_add, and defaultare mutually exclusive. Only one of these options may be present.
  • fields.W161: Fixed default value provided.
  • fields.W162: <database> does not support a database index on<field data type> columns.
  • fields.E900: IPAddressField has been removed except for support inhistorical migrations.
  • fields.W900: IPAddressField has been deprecated. Support for it(except in historical migrations) will be removed in Django 1.9. This checkappeared in Django 1.7 and 1.8.
  • fields.W901: CommaSeparatedIntegerField has been deprecated. Supportfor it (except in historical migrations) will be removed in Django 2.0. Thischeck appeared in Django 1.10 and 1.11.
  • fields.E901: CommaSeparatedIntegerField is removed except for supportin historical migrations.

File fields

  • fields.E200: unique is not a valid argument for a FileField.This check is removed in Django 1.11.
  • fields.E201: primary_key is not a valid argument for a FileField.
  • fields.E202: FileField’s upload_to argument must be a relativepath, not an absolute path.
  • fields.E210: Cannot use ImageField because Pillow is not installed.
  • fields.E300: Field defines a relation with model <model>, which iseither not installed, or is abstract.
  • fields.E301: Field defines a relation with the model <model> whichhas been swapped out.
  • fields.E302: Accessor for field <field name> clashes with field<field name>.
  • fields.E303: Reverse query name for field <field name> clashes withfield <field name>.
  • fields.E304: Field name <field name> clashes with accessor for<field name>.
  • fields.E305: Field name <field name> clashes with reverse query namefor <field name>.
  • fields.E306: Related name must be a valid Python identifier or end witha '+'.
  • fields.E307: The field <app label>.<model>.<field name> was declaredwith a lazy reference to <app label>.<model>, but app <app label>isn't installed or doesn't provide model <model>.
  • fields.E308: Reverse query name <related query name> must not endwith an underscore.
  • fields.E309: Reverse query name <related query name> must not contain'__'.
  • fields.E310: No subset of the fields <field1>, <field2>, … onmodel <model> is unique. Add unique=True on any of those fields oradd at least a subset of them to a unique_together constraint.
  • fields.E311: <model> must set unique=True because it isreferenced by a ForeignKey.
  • fields.E312: The to_field <field name> doesn't exist on therelated model <app label>.<model>.
  • fields.E320: Field specifies on_delete=SET_NULL, but cannot be null.
  • fields.E321: The field specifies on_delete=SET_DEFAULT, but has nodefault value.
  • fields.E330: ManyToManyFields cannot be unique.
  • fields.E331: Field specifies a many-to-many relation through model<model>, which has not been installed.
  • fields.E332: Many-to-many fields with intermediate tables must not besymmetrical.
  • fields.E333: The model is used as an intermediate model by <model>,but it has more than two foreign keys to <model>, which is ambiguous.You must specify which two foreign keys Django should use via thethrough_fields keyword argument.
  • fields.E334: The model is used as an intermediate model by <model>,but it has more than one foreign key from <model>, which is ambiguous.You must specify which foreign key Django should use via thethrough_fields keyword argument.
  • fields.E335: The model is used as an intermediate model by <model>,but it has more than one foreign key to <model>, which is ambiguous.You must specify which foreign key Django should use via thethrough_fields keyword argument.
  • fields.E336: The model is used as an intermediary model by <model>,but it does not have foreign key to <model> or <model>.
  • fields.E337: Field specifies through_fields but does not provide thenames of the two link fields that should be used for the relation through<model>.
  • fields.E338: The intermediary model <through model> has no field<field name>.
  • fields.E339: <model>.<field name> is not a foreign key to <model>.
  • fields.E340: The field's intermediary table <table name> clashes withthe table name of <model>/<model>.<field name>.
  • fields.W340: null has no effect on ManyToManyField.
  • fields.W341: ManyToManyField does not support validators.
  • fields.W342: Setting unique=True on a ForeignKey has the sameeffect as using a OneToOneField.
  • fields.W343: limit_choices_to has no effect on ManyToManyFieldwith a through model.

Models

  • models.E001: <swappable> is not of the form app_label.app_name.
  • models.E002: <SETTING> references <model>, which has not beeninstalled, or is abstract.
  • models.E003: The model has two many-to-many relations through theintermediate model <app_label>.<model>.
  • models.E004: id can only be used as a field name if the field alsosets primary_key=True.
  • models.E005: The field <field name> from parent model <model>clashes with the field <field name> from parent model <model>.
  • models.E006: The field clashes with the field <field name> from model<model>.
  • models.E007: Field <field name> has column name <column name>that is used by another field.
  • models.E008: index_together must be a list or tuple.
  • models.E009: All index_together elements must be lists or tuples.
  • models.E010: unique_together must be a list or tuple.
  • models.E011: All unique_together elements must be lists or tuples.
  • models.E012: index_together/unique_together refers to thenonexistent field <field name>.
  • models.E013: index_together/unique_together refers to aManyToManyField <field name>, but ManyToManyFields are notsupported for that option.
  • models.E014: ordering must be a tuple or list (even if you want toorder by only one field).
  • models.E015: ordering refers to the nonexistent field<field name>.
  • models.E016: index_together/unique_together refers to field<field_name> which is not local to model <model>.
  • models.E017: Proxy model <model> contains model fields.
  • models.E018: Autogenerated column name too long for field <field>.Maximum length is <maximum length> for database <alias>.
  • models.E019: Autogenerated column name too long for M2M field<M2M field>. Maximum length is <maximum length> for database<alias>.
  • models.E020: The <model>.check() class method is currently overridden.
  • models.E021: ordering and order_with_respect_to cannot be usedtogether.
  • models.E022: <function> contains a lazy reference to<app label>.<model>, but app <app label> isn't installed ordoesn't provide model <model>.
  • models.E023: The model name <model> cannot start or end with anunderscore as it collides with the query lookup syntax.
  • models.E024: The model name <model> cannot contain double underscoresas it collides with the query lookup syntax.

Security

The security checks do not make your site secure. They do not audit code, dointrusion detection, or do anything particularly complex. Rather, they helpperform an automated, low-hanging-fruit checklist. They help you remember thesimple things that improve your site's security.

Some of these checks may not be appropriate for your particular deploymentconfiguration. For instance, if you do your HTTP to HTTPS redirection in a loadbalancer, it'd be irritating to be constantly warned about not having enabledSECURE_SSL_REDIRECT. Use SILENCED_SYSTEM_CHECKS tosilence unneeded checks.

The following checks are run if you use the check —deploy option:

  • security.W001: You do not havedjango.middleware.security.SecurityMiddleware in yourMIDDLEWARE so the SECURE_HSTS_SECONDS,SECURE_CONTENT_TYPE_NOSNIFF, SECURE_BROWSER_XSS_FILTER,and SECURE_SSL_REDIRECT settings will have no effect.
  • security.W002: You do not havedjango.middleware.clickjacking.XFrameOptionsMiddleware in yourMIDDLEWARE, so your pages will not be served with an'x-frame-options' header. Unless there is a good reason for yoursite to be served in a frame, you should consider enabling thisheader to help prevent clickjacking attacks.
  • security.W003: You don't appear to be using Django's built-in cross-siterequest forgery protection via the middleware(django.middleware.csrf.CsrfViewMiddleware is not in yourMIDDLEWARE). Enabling the middleware is the safestapproach to ensure you don't leave any holes.
  • security.W004: You have not set a value for theSECURE_HSTS_SECONDS setting. If your entire site is served onlyover SSL, you may want to consider setting a value and enabling HTTPStrict Transport Security. Be sure to readthe documentation first; enabling HSTS carelessly can cause serious,irreversible problems.
  • security.W005: You have not set theSECURE_HSTS_INCLUDE_SUBDOMAINS setting to True. Without this,your site is potentially vulnerable to attack via an insecure connection to asubdomain. Only set this to True if you are certain that all subdomains ofyour domain should be served exclusively via SSL.
  • security.W006: Your SECURE_CONTENT_TYPE_NOSNIFF setting is notset to True, so your pages will not be served with an'x-content-type-options: nosniff' header. You should consider enablingthis header to prevent the browser from identifying content types incorrectly.
  • security.W007: Your SECURE_BROWSER_XSS_FILTER setting is notset to True, so your pages will not be served with an'x-xss-protection: 1; mode=block' header. You should consider enablingthis header to activate the browser's XSS filtering and help prevent XSSattacks.
  • security.W008: Your SECURE_SSL_REDIRECT setting is not set toTrue. Unless your site should be available over both SSL and non-SSLconnections, you may want to either set this setting to True or configurea load balancer or reverse-proxy server to redirect all connections to HTTPS.
  • security.W009: Your SECRET_KEY has less than 50 characters orless than 5 unique characters. Please generate a long and randomSECRET_KEY, otherwise many of Django's security-critical features will bevulnerable to attack.
  • security.W010: You have django.contrib.sessions in yourINSTALLED_APPS but you have not setSESSION_COOKIE_SECURE to True. Using a secure-only sessioncookie makes it more difficult for network traffic sniffers to hijack usersessions.
  • security.W011: You havedjango.contrib.sessions.middleware.SessionMiddleware in yourMIDDLEWARE, but you have not set SESSION_COOKIE_SECUREto True. Using a secure-only session cookie makes it more difficult fornetwork traffic sniffers to hijack user sessions.
  • security.W012: SESSION_COOKIE_SECURE is not set to True.Using a secure-only session cookie makes it more difficult for network trafficsniffers to hijack user sessions.
  • security.W013: You have django.contrib.sessions in yourINSTALLED_APPS, but you have not setSESSION_COOKIE_HTTPONLY to True. Using an HttpOnly sessioncookie makes it more difficult for cross-site scripting attacks to hijack usersessions.
  • security.W014: You havedjango.contrib.sessions.middleware.SessionMiddleware in yourMIDDLEWARE, but you have not set SESSION_COOKIE_HTTPONLYto True. Using an HttpOnly session cookie makes it more difficult forcross-site scripting attacks to hijack user sessions.
  • security.W015: SESSION_COOKIE_HTTPONLY is not set to True.Using an HttpOnly session cookie makes it more difficult for cross-sitescripting attacks to hijack user sessions.
  • security.W016: CSRF_COOKIE_SECURE is not set to True.Using a secure-only CSRF cookie makes it more difficult for network trafficsniffers to steal the CSRF token.
  • security.W017: CSRF_COOKIE_HTTPONLY is not set to True.Using an HttpOnly CSRF cookie makes it more difficult for cross-sitescripting attacks to steal the CSRF token. This check is removed in Django1.11 as theCSRF_COOKIE_HTTPONLYsetting offers no praticalbenefit.
  • security.W018: You should not have DEBUG set to True indeployment.
  • security.W019: You havedjango.middleware.clickjacking.XFrameOptionsMiddleware in yourMIDDLEWARE, but X_FRAME_OPTIONS is not set to'DENY'. The default is 'SAMEORIGIN', but unless there is a good reasonfor your site to serve other parts of itself in a frame, you should changeit to 'DENY'.
  • security.W020: ALLOWED_HOSTS must not be empty in deployment.
  • security.W021: You have not set theSECURE_HSTS_PRELOAD setting to True. Without this, your sitecannot be submitted to the browser preload list.

Signals

  • signals.E001: <handler> was connected to the <signal> signal witha lazy reference to the sender <app label>.<model>, but app <app label>isn't installed or doesn't provide model <model>.

Templates

The following checks verify that your TEMPLATES setting is correctlyconfigured:

  • templates.E001: You have 'APP_DIRS': True in yourTEMPLATES but also specify 'loaders' in OPTIONS. Eitherremove APP_DIRS or remove the 'loaders' option.
  • templates.E002: string_if_invalid in TEMPLATESOPTIONS must be a string but got: {value}({type}).

URLs

The following checks are performed on your URL configuration:

  • urls.W001: Your URL pattern <pattern> usesinclude() with a route ending with a $. Remove thedollar from the route to avoid problems including URLs.
  • urls.W002: Your URL pattern <pattern> has a route beginning witha /. Remove this slash as it is unnecessary. If this pattern is targetedin an include(), ensure the include()pattern has a trailing /.
  • urls.W003: Your URL pattern <pattern> has a nameincluding a :. Remove the colon, to avoid ambiguous namespacereferences.
  • urls.E004: Your URL pattern <pattern> is invalid. Ensure thaturlpatterns is a list of path() and/orre_path() instances.
  • urls.W005: URL namespace <namespace> isn't unique. You may not beable to reverse all URLs in this namespace.
  • urls.E006: The MEDIA_URL/ STATIC_URL setting mustend with a slash.

contrib app checks

admin

Admin checks are all performed as part of the admin tag.

The following checks are performed on anyModelAdmin (or subclass) that is registeredwith the admin site:

  • admin.E001: The value of raw_id_fields must be a list or tuple.
  • admin.E002: The value of raw_id_fields[n] refers to <field name>,which is not an attribute of <model>.
  • admin.E003: The value of raw_id_fields[n] must be a foreign key ora many-to-many field.
  • admin.E004: The value of fields must be a list or tuple.
  • admin.E005: Both fieldsets and fields are specified.
  • admin.E006: The value of fields contains duplicate field(s).
  • admin.E007: The value of fieldsets must be a list or tuple.
  • admin.E008: The value of fieldsets[n] must be a list or tuple.
  • admin.E009: The value of fieldsets[n] must be of length 2.
  • admin.E010: The value of fieldsets[n][1] must be a dictionary.
  • admin.E011: The value of fieldsets[n][1] must contain the keyfields.
  • admin.E012: There are duplicate field(s) in fieldsets[n][1].
  • admin.E013: fields[n]/fieldsets[n][m] cannot include theManyToManyField <field name>, because that field manually specifies arelationship model.
  • admin.E014: The value of exclude must be a list or tuple.
  • admin.E015: The value of exclude contains duplicate field(s).
  • admin.E016: The value of form must inherit from BaseModelForm.
  • admin.E017: The value of filter_vertical must be a list or tuple.
  • admin.E018: The value of filter_horizontal must be a list or tuple.
  • admin.E019: The value of filter_vertical[n]/filter_vertical[n] refersto <field name>, which is not an attribute of <model>.
  • admin.E020: The value of filter_vertical[n]/filter_vertical[n] mustbe a many-to-many field.
  • admin.E021: The value of radio_fields must be a dictionary.
  • admin.E022: The value of radio_fields refers to <field name>,which is not an attribute of <model>.
  • admin.E023: The value of radio_fields refers to <field name>,which is not a ForeignKey, and does not have a choices definition.
  • admin.E024: The value of radio_fields[<field name>] must be eitheradmin.HORIZONTAL or admin.VERTICAL.
  • admin.E025: The value of view_on_site must be either a callable or aboolean value.
  • admin.E026: The value of prepopulated_fields must be a dictionary.
  • admin.E027: The value of prepopulated_fields refers to<field name>, which is not an attribute of <model>.
  • admin.E028: The value of prepopulated_fields refers to<field name>, which must not be a DateTimeField, a ForeignKey,a OneToOneField, or a ManyToManyField field.
  • admin.E029: The value of prepopulated_fields[<field name>] must be alist or tuple.
  • admin.E030: The value of prepopulated_fields refers to<field name>, which is not an attribute of <model>.
  • admin.E031: The value of ordering must be a list or tuple.
  • admin.E032: The value of ordering has the random ordering marker?, but contains other fields as well.
  • admin.E033: The value of ordering refers to <field name>, whichis not an attribute of <model>.
  • admin.E034: The value of readonly_fields must be a list or tuple.
  • admin.E035: The value of readonly_fields[n] is not a callable, anattribute of <ModelAdmin class>, or an attribute of <model>.
  • admin.E036: The value of autocomplete_fields must be a list or tuple.
  • admin.E037: The value of autocomplete_fields[n] refers to<field name>, which is not an attribute of <model>.
  • admin.E038: The value of autocomplete_fields[n] must be a foreignkey or a many-to-many field.
  • admin.E039: An admin for model <model> has to be registered to bereferenced by <modeladmin>.autocomplete_fields.
  • admin.E040: <modeladmin> must define search_fields, becauseit's referenced by <other_modeladmin>.autocomplete_fields.

ModelAdmin

The following checks are performed on anyModelAdmin that is registeredwith the admin site:

  • admin.E101: The value of save_as must be a boolean.
  • admin.E102: The value of save_on_top must be a boolean.
  • admin.E103: The value of inlines must be a list or tuple.
  • admin.E104: <InlineModelAdmin class> must inherit fromInlineModelAdmin.
  • admin.E105: <InlineModelAdmin class> must have a model attribute.
  • admin.E106: The value of <InlineModelAdmin class>.model must be aModel.
  • admin.E107: The value of list_display must be a list or tuple.
  • admin.E108: The value of list_display[n] refers to <label>,which is not a callable, an attribute of <ModelAdmin class>, or anattribute or method on <model>.
  • admin.E109: The value of list_display[n] must not be aManyToManyField field.
  • admin.E110: The value of list_display_links must be a list, a tuple,or None.
  • admin.E111: The value of list_display_links[n] refers to <label>,which is not defined in list_display.
  • admin.E112: The value of list_filter must be a list or tuple.
  • admin.E113: The value of list_filter[n] must inherit fromListFilter.
  • admin.E114: The value of list_filter[n] must not inherit fromFieldListFilter.
  • admin.E115: The value of list_filter[n][1] must inherit fromFieldListFilter.
  • admin.E116: The value of list_filter[n] refers to <label>,which does not refer to a Field.
  • admin.E117: The value of list_select_related must be a boolean,tuple or list.
  • admin.E118: The value of list_per_page must be an integer.
  • admin.E119: The value of list_max_show_all must be an integer.
  • admin.E120: The value of list_editable must be a list or tuple.
  • admin.E121: The value of list_editable[n] refers to <label>,which is not an attribute of <model>.
  • admin.E122: The value of list_editable[n] refers to <label>,which is not contained in list_display.
  • admin.E123: The value of list_editable[n] cannot be in bothlist_editable and list_display_links.
  • admin.E124: The value of list_editable[n] refers to the first fieldin list_display (<label>), which cannot be used unlesslist_display_links is set.
  • admin.E125: The value of list_editable[n] refers to <field name>,which is not editable through the admin.
  • admin.E126: The value of search_fields must be a list or tuple.
  • admin.E127: The value of date_hierarchy refers to <field name>,which does not refer to a Field.
  • admin.E128: The value of date_hierarchy must be a DateField orDateTimeField.

InlineModelAdmin

The following checks are performed on anyInlineModelAdmin that is registered as aninline on a ModelAdmin.

  • admin.E201: Cannot exclude the field <field name>, because it is theforeign key to the parent model <app_label>.<model>.
  • admin.E202: <model> has no ForeignKey to <parent model>./<model> has more than one ForeignKey to <parent model>.
  • admin.E203: The value of extra must be an integer.
  • admin.E204: The value of max_num must be an integer.
  • admin.E205: The value of min_num must be an integer.
  • admin.E206: The value of formset must inherit fromBaseModelFormSet.

GenericInlineModelAdmin

The following checks are performed on anyGenericInlineModelAdmin that isregistered as an inline on a ModelAdmin.

  • admin.E301: 'ct_field' references <label>, which is not a fieldon <model>.
  • admin.E302: 'ct_fk_field' references <label>, which is not afield on <model>.
  • admin.E303: <model> has no GenericForeignKey.
  • admin.E304: <model> has no GenericForeignKey using content typefield <field name> and object ID field <field name>.

AdminSite

The following checks are performed on the defaultAdminSite:

auth

  • auth.E001: REQUIRED_FIELDS must be a list or tuple.
  • auth.E002: The field named as the USERNAME_FIELD for a custom usermodel must not be included in REQUIRED_FIELDS.
  • auth.E003: <field> must be unique because it is named as theUSERNAME_FIELD.
  • auth.W004: <field> is named as the USERNAME_FIELD, but it is notunique.
  • auth.E005: The permission codenamed <codename> clashes with a builtinpermission for model <model>.
  • auth.E006: The permission codenamed <codename> is duplicated for model<model>.
  • auth.E007: The verbose_name of model <model> must be at most244 characters for its builtin permission namesto be at most 255 characters.
  • auth.E008: The permission named <name> of model <model> is longerthan 255 characters.
  • auth.C009: <User model>.is_anonymous must be an attribute or propertyrather than a method. Ignoring this is a security issue as anonymous userswill be treated as authenticated!
  • auth.C010: <User model>.is_authenticated must be an attribute orproperty rather than a method. Ignoring this is a security issue as anonymoususers will be treated as authenticated!

contenttypes

The following checks are performed when a model contains aGenericForeignKey orGenericRelation:

  • contenttypes.E001: The GenericForeignKey object ID references thenonexistent field <field>.
  • contenttypes.E002: The GenericForeignKey content type references thenonexistent field <field>.
  • contenttypes.E003: <field> is not a ForeignKey.
  • contenttypes.E004: <field> is not a ForeignKey tocontenttypes.ContentType.
  • contenttypes.E005: Model names must be at most 100 characters.

sites

The following checks are performed on any model using aCurrentSiteManager:

  • sites.E001: CurrentSiteManager could not find a field named<field name>.
  • sites.E002: CurrentSiteManager cannot use <field> as it is not aforeign key or a many-to-many field.

staticfiles

The following checks verify that django.contrib.staticfiles is correctlyconfigured: