System check framework¶
The system check framework is a set of static checks for validating Django projects. It detects common problems and provides hints for how to fix them. The framework is extensible so you can easily add your own checks.
For details on how to add your own checks and integrate them with Django’s system checks, see the System check topic guide.
API reference¶
CheckMessage
¶
The warnings and errors raised by system checks must be instances of
CheckMessage
. An instance encapsulates a single reportable error or
warning. It also provides context and hints applicable to the message, and a
unique identifier that is used for filtering purposes.
Constructor arguments are:
level
- The severity of the message. Use one of the predefined values:
DEBUG
,INFO
,WARNING
,ERROR
,CRITICAL
. If the level is greater or equal toERROR
, then Django will prevent management commands from executing. Messages with level lower thanERROR
(i.e. warnings) are reported to the console, but can be silenced. msg
- A short (less than 80 characters) string describing the problem. The string should not contain newlines.
hint
- A single-line string providing a hint for fixing the problem. If no hint
can be provided, or the hint is self-evident from the error message, the
hint can be omitted, or a value of
None
can be used. obj
- Optional. An object providing context for the message (for example, the
model where the problem was discovered). The object should be a model,
field, or manager or any other object that defines a
__str__()
method. The method is used while reporting all messages and its result precedes the message. id
- Optional string. A unique identifier for the issue. Identifiers should
follow the pattern
applabel.X001
, whereX
is one of the lettersCEWID
, indicating the message severity (C
for criticals,E
for errors and so). The number can be allocated by the application, but should be unique within that application.
There are subclasses to make creating messages with common levels easier. When
using them you can omit the level
argument because it is implied by the
class name.
Builtin tags¶
Django’s system checks are organized using the following tags:
admin
: Checks of any admin site declarations.async_support
: Checks asynchronous-related configuration.caches
: Checks cache related configuration.compatibility
: Flags potential problems with version upgrades.database
: Checks database-related configuration issues. Database checks are not run by default because they do more than static code analysis as regular checks do. They are only run by themigrate
command or if you specify configured database aliases using the--database
option when calling thecheck
command.files
: Checks files related configuration.models
: Checks of model, field, and manager definitions.security
: Checks security related configuration.signals
: Checks on signal declarations and handler registrations.sites
: Checksdjango.contrib.sites
configuration.staticfiles
: Checksdjango.contrib.staticfiles
configuration.templates
: Checks template related configuration.translation
: Checks translation related configuration.urls
: Checks URL configuration.
Some checks may be registered with multiple tags.
The sites
tag was added.
The files
tag was added.
Core system checks¶
Asynchronous support¶
The following checks verify your setup for Asynchronous support:
- async.E001: You should not set the
DJANGO_ALLOW_ASYNC_UNSAFE
environment variable in deployment. This disables async safety protection.
Backwards compatibility¶
Compatibility checks warn of potential problems that might occur after upgrading Django.
- 2_0.W001: Your URL pattern
<pattern>
has aroute
that contains(?P<
, begins with a^
, or ends with a$
. This was likely an oversight when migrating fromurl()
topath()
. - 4_0.E001: As of Django 4.0, the values in the
CSRF_TRUSTED_ORIGINS
setting must start with a scheme (usuallyhttp://
orhttps://
) but found<hostname>
.
Caches¶
The following checks verify that your CACHES
setting is correctly
configured:
- caches.E001: You must define a
'default'
cache in yourCACHES
setting. - caches.W002: Your
<cache>
configuration might expose your cache or lead to corruption of your data because itsLOCATION
matches/is inside/containsMEDIA_ROOT
/STATIC_ROOT
/STATICFILES_DIRS
. - caches.W003: Your
<cache>
cacheLOCATION
is relative. Use an absolute path instead.
Database¶
MySQL and MariaDB¶
If you’re using MySQL or MariaDB, the following checks will be performed:
- mysql.E001: MySQL/MariaDB does not allow unique
CharField
s to have amax_length
> 255. This check was changed tomysql.W003
in Django 3.1 as the real maximum size depends on many factors. - mysql.W002: MySQL/MariaDB Strict Mode is not set for database connection
<alias>
. See also Setting sql_mode. - mysql.W003: MySQL/MariaDB may not allow unique
CharField
s to have amax_length
> 255.
Managing files¶
The following checks verify your setup for Managing files:
- files.E001: The
FILE_UPLOAD_TEMP_DIR
setting refers to the nonexistent directory<path>
.
Model fields¶
- fields.E001: Field names must not end with an underscore.
- fields.E002: Field names must not contain
"__"
. - fields.E003:
pk
is a reserved word that cannot be used as a field name. - fields.E004:
choices
must be an iterable (e.g., a list or tuple). - fields.E005:
choices
must be an iterable containing(actual value, human readable name)
tuples. - fields.E006:
db_index
must beNone
,True
orFalse
. - fields.E007: Primary keys must not have
null=True
. - fields.E008: All
validators
must be callable. - fields.E009:
max_length
is too small to fit the longest value inchoices
(<count>
characters). - fields.E010:
<field>
default should be a callable instead of an instance so that it’s not shared between all field instances. - fields.E100:
AutoField
s must set primary_key=True. - fields.E110:
BooleanField
s do not accept null values. This check appeared before support for null values was added in Django 2.1. - fields.E120:
CharField
s must define amax_length
attribute. - fields.E121:
max_length
must be a positive integer. - fields.W122:
max_length
is ignored when used with<integer field type>
. - fields.E130:
DecimalField
s must define adecimal_places
attribute. - fields.E131:
decimal_places
must be a non-negative integer. - fields.E132:
DecimalField
s must define amax_digits
attribute. - fields.E133:
max_digits
must be a positive integer. - fields.E134:
max_digits
must be greater or equal todecimal_places
. - fields.E140:
FilePathField
s must have eitherallow_files
orallow_folders
set to True. - fields.E150:
GenericIPAddressField
s cannot haveblank=True
ifnull=False
, as blank values are stored as nulls. - fields.E160: The options
auto_now
,auto_now_add
, anddefault
are mutually exclusive. Only one of these options may be present. - fields.W161: Fixed default value provided.
- fields.W162:
<database>
does not support a database index on<field data type>
columns. - fields.E170:
BinaryField
’sdefault
cannot be a string. Use bytes content instead. - fields.E180:
<database>
does not supportJSONField
s. - fields.E190:
<database>
does not support a database collation on<field_type>
s. - fields.E900:
IPAddressField
has been removed except for support in historical migrations. - fields.W900:
IPAddressField
has been deprecated. Support for it (except in historical migrations) will be removed in Django 1.9. This check appeared in Django 1.7 and 1.8. - fields.W901:
CommaSeparatedIntegerField
has been deprecated. Support for it (except in historical migrations) will be removed in Django 2.0. This check appeared in Django 1.10 and 1.11. - fields.E901:
CommaSeparatedIntegerField
is removed except for support in historical migrations. - fields.W902:
FloatRangeField
is deprecated and will be removed in Django 3.1. This check appeared in Django 2.2 and 3.0. - fields.W903:
NullBooleanField
is deprecated. Support for it (except in historical migrations) will be removed in Django 4.0. This check appeared in Django 3.1 and 3.2. - fields.E903:
NullBooleanField
is removed except for support in historical migrations. - fields.W904:
django.contrib.postgres.fields.JSONField
is deprecated. Support for it (except in historical migrations) will be removed in Django 4.0. This check appeared in Django 3.1 and 3.2. - fields.E904:
django.contrib.postgres.fields.JSONField
is removed except for support in historical migrations.
File fields¶
- fields.E200:
unique
is not a valid argument for aFileField
. This check is removed in Django 1.11. - fields.E201:
primary_key
is not a valid argument for aFileField
. - fields.E202:
FileField
’supload_to
argument must be a relative path, not an absolute path. - fields.E210: Cannot use
ImageField
because Pillow is not installed.
Models¶
- models.E001:
<swappable>
is not of the formapp_label.app_name
. - models.E002:
<SETTING>
references<model>
, which has not been installed, or is abstract. - models.E003: The model has two identical many-to-many relations through
the intermediate model
<app_label>.<model>
. - models.E004:
id
can only be used as a field name if the field also setsprimary_key=True
. - models.E005: The field
<field name>
from parent model<model>
clashes with the field<field name>
from parent model<model>
. - models.E006: The field
<field name>
clashes with the field<field name>
from model<model>
. - models.E007: Field
<field name>
has column name<column name>
that is used by another field. - models.E008:
index_together
must be a list or tuple. - models.E009: All
index_together
elements must be lists or tuples. - models.E010:
unique_together
must be a list or tuple. - models.E011: All
unique_together
elements must be lists or tuples. - models.E012:
constraints/indexes/index_together/unique_together
refers to the nonexistent field<field name>
. - models.E013:
constraints/indexes/index_together/unique_together
refers to aManyToManyField
<field name>
, butManyToManyField
s are not supported for that option. - models.E014:
ordering
must be a tuple or list (even if you want to order by only one field). - models.E015:
ordering
refers to the nonexistent field, related field, or lookup<field name>
. - models.E016:
constraints/indexes/index_together/unique_together
refers to field<field_name>
which is not local to model<model>
. - models.E017: Proxy model
<model>
contains model fields. - models.E018: Autogenerated column name too long for field
<field>
. Maximum length is<maximum length>
for database<alias>
. - models.E019: Autogenerated column name too long for M2M field
<M2M field>
. Maximum length is<maximum length>
for database<alias>
. - models.E020: The
<model>.check()
class method is currently overridden. - models.E021:
ordering
andorder_with_respect_to
cannot be used together. - models.E022:
<function>
contains a lazy reference to<app label>.<model>
, but app<app label>
isn’t installed or doesn’t provide model<model>
. - models.E023: The model name
<model>
cannot start or end with an underscore as it collides with the query lookup syntax. - models.E024: The model name
<model>
cannot contain double underscores as it collides with the query lookup syntax. - models.E025: The property
<property name>
clashes with a related field accessor. - models.E026: The model cannot have more than one field with
primary_key=True
. - models.W027:
<database>
does not support check constraints. - models.E028:
db_table
<db_table>
is used by multiple models:<model list>
. - models.E029: index name
<index>
is not unique for model<model>
. - models.E030: index name
<index>
is not unique among models:<model list>
. - models.E031: constraint name
<constraint>
is not unique for model<model>
. - models.E032: constraint name
<constraint>
is not unique among models:<model list>
. - models.E033: The index name
<index>
cannot start with an underscore or a number. - models.E034: The index name
<index>
cannot be longer than<max_length>
characters. - models.W035:
db_table
<db_table>
is used by multiple models:<model list>
. - models.W036:
<database>
does not support unique constraints with conditions. - models.W037:
<database>
does not support indexes with conditions. - models.W038:
<database>
does not support deferrable unique constraints. - models.W039:
<database>
does not support unique constraints with non-key columns. - models.W040:
<database>
does not support indexes with non-key columns. - models.E041:
constraints
refers to the joined field<field name>
. - models.W042: Auto-created primary key used when not defining a primary
key type, by default
django.db.models.AutoField
. - models.W043:
<database>
does not support indexes on expressions. - models.W044:
<database>
does not support unique constraints on expressions.
Security¶
The security checks do not make your site secure. They do not audit code, do intrusion detection, or do anything particularly complex. Rather, they help perform an automated, low-hanging-fruit checklist, that can help you to improve your site’s security.
Some of these checks may not be appropriate for your particular deployment
configuration. For instance, if you do your HTTP to HTTPS redirection in a load
balancer, it’d be irritating to be constantly warned about not having enabled
SECURE_SSL_REDIRECT
. Use SILENCED_SYSTEM_CHECKS
to
silence unneeded checks.
The following checks are run if you use the check --deploy
option:
- security.W001: You do not have
django.middleware.security.SecurityMiddleware
in yourMIDDLEWARE
so theSECURE_HSTS_SECONDS
,SECURE_CONTENT_TYPE_NOSNIFF
,SECURE_REFERRER_POLICY
,SECURE_CROSS_ORIGIN_OPENER_POLICY
, andSECURE_SSL_REDIRECT
settings will have no effect. - security.W002: You do not have
django.middleware.clickjacking.XFrameOptionsMiddleware
in yourMIDDLEWARE
, so your pages will not be served with an'x-frame-options'
header. Unless there is a good reason for your site to be served in a frame, you should consider enabling this header to help prevent clickjacking attacks. - security.W003: You don’t appear to be using Django’s built-in cross-site
request forgery protection via the middleware
(
django.middleware.csrf.CsrfViewMiddleware
is not in yourMIDDLEWARE
). Enabling the middleware is the safest approach to ensure you don’t leave any holes. - security.W004: You have not set a value for the
SECURE_HSTS_SECONDS
setting. If your entire site is served only over SSL, you may want to consider setting a value and enabling HTTP Strict Transport Security. Be sure to read the documentation first; enabling HSTS carelessly can cause serious, irreversible problems. - security.W005: You have not set the
SECURE_HSTS_INCLUDE_SUBDOMAINS
setting toTrue
. Without this, your site is potentially vulnerable to attack via an insecure connection to a subdomain. Only set this toTrue
if you are certain that all subdomains of your domain should be served exclusively via SSL. - security.W006: Your
SECURE_CONTENT_TYPE_NOSNIFF
setting is not set toTrue
, so your pages will not be served with an'X-Content-Type-Options: nosniff'
header. You should consider enabling this header to prevent the browser from identifying content types incorrectly. - security.W007: Your
SECURE_BROWSER_XSS_FILTER
setting is not set toTrue
, so your pages will not be served with an'X-XSS-Protection: 1; mode=block'
header. You should consider enabling this header to activate the browser’s XSS filtering and help prevent XSS attacks. This check is removed in Django 3.0 as theX-XSS-Protection
header is no longer honored by modern browsers. - security.W008: Your
SECURE_SSL_REDIRECT
setting is not set toTrue
. Unless your site should be available over both SSL and non-SSL connections, you may want to either set this setting toTrue
or configure a load balancer or reverse-proxy server to redirect all connections to HTTPS. - security.W009: Your
SECRET_KEY
has less than 50 characters, less than 5 unique characters, or it’s prefixed with'django-insecure-'
indicating that it was generated automatically by Django. Please generate a long and randomSECRET_KEY
, otherwise many of Django’s security-critical features will be vulnerable to attack. - security.W010: You have
django.contrib.sessions
in yourINSTALLED_APPS
but you have not setSESSION_COOKIE_SECURE
toTrue
. Using a secure-only session cookie makes it more difficult for network traffic sniffers to hijack user sessions. - security.W011: You have
django.contrib.sessions.middleware.SessionMiddleware
in yourMIDDLEWARE
, but you have not setSESSION_COOKIE_SECURE
toTrue
. Using a secure-only session cookie makes it more difficult for network traffic sniffers to hijack user sessions. - security.W012:
SESSION_COOKIE_SECURE
is not set toTrue
. Using a secure-only session cookie makes it more difficult for network traffic sniffers to hijack user sessions. - security.W013: You have
django.contrib.sessions
in yourINSTALLED_APPS
, but you have not setSESSION_COOKIE_HTTPONLY
toTrue
. Using anHttpOnly
session cookie makes it more difficult for cross-site scripting attacks to hijack user sessions. - security.W014: You have
django.contrib.sessions.middleware.SessionMiddleware
in yourMIDDLEWARE
, but you have not setSESSION_COOKIE_HTTPONLY
toTrue
. Using anHttpOnly
session cookie makes it more difficult for cross-site scripting attacks to hijack user sessions. - security.W015:
SESSION_COOKIE_HTTPONLY
is not set toTrue
. Using anHttpOnly
session cookie makes it more difficult for cross-site scripting attacks to hijack user sessions. - security.W016:
CSRF_COOKIE_SECURE
is not set toTrue
. Using a secure-only CSRF cookie makes it more difficult for network traffic sniffers to steal the CSRF token. - security.W017:
CSRF_COOKIE_HTTPONLY
is not set toTrue
. Using anHttpOnly
CSRF cookie makes it more difficult for cross-site scripting attacks to steal the CSRF token. This check is removed in Django 1.11 as theCSRF_COOKIE_HTTPONLY
setting offers no practical benefit. - security.W018: You should not have
DEBUG
set toTrue
in deployment. - security.W019: You have
django.middleware.clickjacking.XFrameOptionsMiddleware
in yourMIDDLEWARE
, butX_FRAME_OPTIONS
is not set to'DENY'
. Unless there is a good reason for your site to serve other parts of itself in a frame, you should change it to'DENY'
. - security.W020:
ALLOWED_HOSTS
must not be empty in deployment. - security.W021: You have not set the
SECURE_HSTS_PRELOAD
setting toTrue
. Without this, your site cannot be submitted to the browser preload list. - security.W022: You have not set the
SECURE_REFERRER_POLICY
setting. Without this, your site will not send a Referrer-Policy header. You should consider enabling this header to protect user privacy. - security.E023: You have set the
SECURE_REFERRER_POLICY
setting to an invalid value. - security.E024: You have set the
SECURE_CROSS_ORIGIN_OPENER_POLICY
setting to an invalid value.
The following checks verify that your security-related settings are correctly configured:
- security.E100:
DEFAULT_HASHING_ALGORITHM
must be'sha1'
or'sha256'
. This check appeared in Django 3.1 and 3.2. - security.E101: The CSRF failure view
'path.to.view'
does not take the correct number of arguments. - security.E102: The CSRF failure view
'path.to.view'
could not be imported.
Signals¶
- signals.E001:
<handler>
was connected to the<signal>
signal with a lazy reference to the sender<app label>.<model>
, but app<app label>
isn’t installed or doesn’t provide model<model>
.
Translation¶
The following checks are performed on your translation configuration:
- translation.E001: You have provided an invalid value for the
LANGUAGE_CODE
setting:<value>
. - translation.E002: You have provided an invalid language code in the
LANGUAGES
setting:<value>
. - translation.E003: You have provided an invalid language code in the
LANGUAGES_BIDI
setting:<value>
. - translation.E004: You have provided a value for the
LANGUAGE_CODE
setting that is not in theLANGUAGES
setting.
URLs¶
The following checks are performed on your URL configuration:
- urls.W001: Your URL pattern
<pattern>
usesinclude()
with aroute
ending with a$
. Remove the dollar from theroute
to avoid problems including URLs. - urls.W002: Your URL pattern
<pattern>
has aroute
beginning with a/
. Remove this slash as it is unnecessary. If this pattern is targeted in aninclude()
, ensure theinclude()
pattern has a trailing/
. - urls.W003: Your URL pattern
<pattern>
has aname
including a:
. Remove the colon, to avoid ambiguous namespace references. - urls.E004: Your URL pattern
<pattern>
is invalid. Ensure thaturlpatterns
is a list ofpath()
and/orre_path()
instances. - urls.W005: URL namespace
<namespace>
isn’t unique. You may not be able to reverse all URLs in this namespace. - urls.E006: The
MEDIA_URL
/STATIC_URL
setting must end with a slash. - urls.E007: The custom
handlerXXX
view'path.to.view'
does not take the correct number of arguments (…). - urls.E008: The custom
handlerXXX
view'path.to.view'
could not be imported. - urls.E009: Your URL pattern
<pattern>
has an invalid view, pass<view>.as_view()
instead of<view>
.
contrib
app checks¶
admin
¶
Admin checks are all performed as part of the admin
tag.
The following checks are performed on any
ModelAdmin
(or subclass) that is registered
with the admin site:
- admin.E001: The value of
raw_id_fields
must be a list or tuple. - admin.E002: The value of
raw_id_fields[n]
refers to<field name>
, which is not a field of<model>
. - admin.E003: The value of
raw_id_fields[n]
must be a foreign key or a many-to-many field. - admin.E004: The value of
fields
must be a list or tuple. - admin.E005: Both
fieldsets
andfields
are specified. - admin.E006: The value of
fields
contains duplicate field(s). - admin.E007: The value of
fieldsets
must be a list or tuple. - admin.E008: The value of
fieldsets[n]
must be a list or tuple. - admin.E009: The value of
fieldsets[n]
must be of length 2. - admin.E010: The value of
fieldsets[n][1]
must be a dictionary. - admin.E011: The value of
fieldsets[n][1]
must contain the keyfields
. - admin.E012: There are duplicate field(s) in
fieldsets[n][1]
. - admin.E013:
fields[n]/fieldsets[n][m]
cannot include theManyToManyField
<field name>
, because that field manually specifies a relationship model. - admin.E014: The value of
exclude
must be a list or tuple. - admin.E015: The value of
exclude
contains duplicate field(s). - admin.E016: The value of
form
must inherit fromBaseModelForm
. - admin.E017: The value of
filter_vertical
must be a list or tuple. - admin.E018: The value of
filter_horizontal
must be a list or tuple. - admin.E019: The value of
filter_vertical[n]/filter_horizontal[n]
refers to<field name>
, which is not a field of<model>
. - admin.E020: The value of
filter_vertical[n]/filter_horizontal[n]
must be a many-to-many field. - admin.E021: The value of
radio_fields
must be a dictionary. - admin.E022: The value of
radio_fields
refers to<field name>
, which is not a field of<model>
. - admin.E023: The value of
radio_fields
refers to<field name>
, which is not an instance ofForeignKey
, and does not have achoices
definition. - admin.E024: The value of
radio_fields[<field name>]
must be eitheradmin.HORIZONTAL
oradmin.VERTICAL
. - admin.E025: The value of
view_on_site
must be either a callable or a boolean value. - admin.E026: The value of
prepopulated_fields
must be a dictionary. - admin.E027: The value of
prepopulated_fields
refers to<field name>
, which is not a field of<model>
. - admin.E028: The value of
prepopulated_fields
refers to<field name>
, which must not be aDateTimeField
, aForeignKey
, aOneToOneField
, or aManyToManyField
field. - admin.E029: The value of
prepopulated_fields[<field name>]
must be a list or tuple. - admin.E030: The value of
prepopulated_fields
refers to<field name>
, which is not a field of<model>
. - admin.E031: The value of
ordering
must be a list or tuple. - admin.E032: The value of
ordering
has the random ordering marker?
, but contains other fields as well. - admin.E033: The value of
ordering
refers to<field name>
, which is not a field of<model>
. - admin.E034: The value of
readonly_fields
must be a list or tuple. - admin.E035: The value of
readonly_fields[n]
is not a callable, an attribute of<ModelAdmin class>
, or an attribute of<model>
. - admin.E036: The value of
autocomplete_fields
must be a list or tuple. - admin.E037: The value of
autocomplete_fields[n]
refers to<field name>
, which is not a field of<model>
. - admin.E038: The value of
autocomplete_fields[n]
must be a foreign key or a many-to-many field. - admin.E039: An admin for model
<model>
has to be registered to be referenced by<modeladmin>.autocomplete_fields
. - admin.E040:
<modeladmin>
must definesearch_fields
, because it’s referenced by<other_modeladmin>.autocomplete_fields
.
ModelAdmin
¶
The following checks are performed on any
ModelAdmin
that is registered
with the admin site:
- admin.E101: The value of
save_as
must be a boolean. - admin.E102: The value of
save_on_top
must be a boolean. - admin.E103: The value of
inlines
must be a list or tuple. - admin.E104:
<InlineModelAdmin class>
must inherit fromInlineModelAdmin
. - admin.E105:
<InlineModelAdmin class>
must have amodel
attribute. - admin.E106: The value of
<InlineModelAdmin class>.model
must be aModel
. - admin.E107: The value of
list_display
must be a list or tuple. - admin.E108: The value of
list_display[n]
refers to<label>
, which is not a callable, an attribute of<ModelAdmin class>
, or an attribute or method on<model>
. - admin.E109: The value of
list_display[n]
must not be aManyToManyField
field. - admin.E110: The value of
list_display_links
must be a list, a tuple, orNone
. - admin.E111: The value of
list_display_links[n]
refers to<label>
, which is not defined inlist_display
. - admin.E112: The value of
list_filter
must be a list or tuple. - admin.E113: The value of
list_filter[n]
must inherit fromListFilter
. - admin.E114: The value of
list_filter[n]
must not inherit fromFieldListFilter
. - admin.E115: The value of
list_filter[n][1]
must inherit fromFieldListFilter
. - admin.E116: The value of
list_filter[n]
refers to<label>
, which does not refer to a Field. - admin.E117: The value of
list_select_related
must be a boolean, tuple or list. - admin.E118: The value of
list_per_page
must be an integer. - admin.E119: The value of
list_max_show_all
must be an integer. - admin.E120: The value of
list_editable
must be a list or tuple. - admin.E121: The value of
list_editable[n]
refers to<label>
, which is not a field of<model>
. - admin.E122: The value of
list_editable[n]
refers to<label>
, which is not contained inlist_display
. - admin.E123: The value of
list_editable[n]
cannot be in bothlist_editable
andlist_display_links
. - admin.E124: The value of
list_editable[n]
refers to the first field inlist_display
(<label>
), which cannot be used unlesslist_display_links
is set. - admin.E125: The value of
list_editable[n]
refers to<field name>
, which is not editable through the admin. - admin.E126: The value of
search_fields
must be a list or tuple. - admin.E127: The value of
date_hierarchy
refers to<field name>
, which does not refer to a Field. - admin.E128: The value of
date_hierarchy
must be aDateField
orDateTimeField
. - admin.E129:
<modeladmin>
must define ahas_<foo>_permission()
method for the<action>
action. - admin.E130:
__name__
attributes of actions defined in<modeladmin>
must be unique. Name<name>
is not unique.
InlineModelAdmin
¶
The following checks are performed on any
InlineModelAdmin
that is registered as an
inline on a ModelAdmin
.
- admin.E201: Cannot exclude the field
<field name>
, because it is the foreign key to the parent model<app_label>.<model>
. - admin.E202:
<model>
has noForeignKey
to<parent model>
./<model>
has more than oneForeignKey
to<parent model>
. You must specify afk_name
attribute. - admin.E203: The value of
extra
must be an integer. - admin.E204: The value of
max_num
must be an integer. - admin.E205: The value of
min_num
must be an integer. - admin.E206: The value of
formset
must inherit fromBaseModelFormSet
.
GenericInlineModelAdmin
¶
The following checks are performed on any
GenericInlineModelAdmin
that is
registered as an inline on a ModelAdmin
.
- admin.E301:
'ct_field'
references<label>
, which is not a field on<model>
. - admin.E302:
'ct_fk_field'
references<label>
, which is not a field on<model>
. - admin.E303:
<model>
has noGenericForeignKey
. - admin.E304:
<model>
has noGenericForeignKey
using content type field<field name>
and object ID field<field name>
.
AdminSite
¶
The following checks are performed on the default
AdminSite
:
- admin.E401:
django.contrib.contenttypes
must be inINSTALLED_APPS
in order to use the admin application. - admin.E402:
django.contrib.auth.context_processors.auth
must be enabled inDjangoTemplates
(TEMPLATES
) if using the default auth backend in order to use the admin application. - admin.E403: A
django.template.backends.django.DjangoTemplates
instance must be configured inTEMPLATES
in order to use the admin application. - admin.E404:
django.contrib.messages.context_processors.messages
must be enabled inDjangoTemplates
(TEMPLATES
) in order to use the admin application. - admin.E405:
django.contrib.auth
must be inINSTALLED_APPS
in order to use the admin application. - admin.E406:
django.contrib.messages
must be inINSTALLED_APPS
in order to use the admin application. - admin.E408:
django.contrib.auth.middleware.AuthenticationMiddleware
must be inMIDDLEWARE
in order to use the admin application. - admin.E409:
django.contrib.messages.middleware.MessageMiddleware
must be inMIDDLEWARE
in order to use the admin application. - admin.E410:
django.contrib.sessions.middleware.SessionMiddleware
must be inMIDDLEWARE
in order to use the admin application. - admin.W411:
django.template.context_processors.request
must be enabled inDjangoTemplates
(TEMPLATES
) in order to use the admin navigation sidebar.
auth
¶
- auth.E001:
REQUIRED_FIELDS
must be a list or tuple. - auth.E002: The field named as the
USERNAME_FIELD
for a custom user model must not be included inREQUIRED_FIELDS
. - auth.E003:
<field>
must be unique because it is named as theUSERNAME_FIELD
. - auth.W004:
<field>
is named as theUSERNAME_FIELD
, but it is not unique. - auth.E005: The permission codenamed
<codename>
clashes with a builtin permission for model<model>
. - auth.E006: The permission codenamed
<codename>
is duplicated for model<model>
. - auth.E007: The
verbose_name
of model<model>
must be at most 244 characters for its builtin permission names to be at most 255 characters. - auth.E008: The permission named
<name>
of model<model>
is longer than 255 characters. - auth.C009:
<User model>.is_anonymous
must be an attribute or property rather than a method. Ignoring this is a security issue as anonymous users will be treated as authenticated! - auth.C010:
<User model>.is_authenticated
must be an attribute or property rather than a method. Ignoring this is a security issue as anonymous users will be treated as authenticated! - auth.E011: The name of model
<model>
must be at most 93 characters for its builtin permission names to be at most 100 characters. - auth.E012: The permission codenamed
<codename>
of model<model>
is longer than 100 characters.
contenttypes
¶
The following checks are performed when a model contains a
GenericForeignKey
or
GenericRelation
:
- contenttypes.E001: The
GenericForeignKey
object ID references the nonexistent field<field>
. - contenttypes.E002: The
GenericForeignKey
content type references the nonexistent field<field>
. - contenttypes.E003:
<field>
is not aForeignKey
. - contenttypes.E004:
<field>
is not aForeignKey
tocontenttypes.ContentType
. - contenttypes.E005: Model names must be at most 100 characters.
postgres
¶
The following checks are performed on django.contrib.postgres
model
fields:
- postgres.E001: Base field for array has errors: …
- postgres.E002: Base field for array cannot be a related field.
- postgres.E003:
<field>
default should be a callable instead of an instance so that it’s not shared between all field instances. This check was changed tofields.E010
in Django 3.1.
sites
¶
The following checks are performed on any model using a
CurrentSiteManager
:
- sites.E001:
CurrentSiteManager
could not find a field named<field name>
. - sites.E002:
CurrentSiteManager
cannot use<field>
as it is not a foreign key or a many-to-many field.
The following checks verify that django.contrib.sites
is correctly
configured:
- sites.E101: The
SITE_ID
setting must be an integer.
staticfiles
¶
The following checks verify that django.contrib.staticfiles
is correctly
configured:
- staticfiles.E001: The
STATICFILES_DIRS
setting is not a tuple or list. - staticfiles.E002: The
STATICFILES_DIRS
setting should not contain theSTATIC_ROOT
setting. - staticfiles.E003: The prefix
<prefix>
in theSTATICFILES_DIRS
setting must not end with a slash. - staticfiles.W004: The directory
<directory>
in theSTATICFILES_DIRS
does not exist.