h!LSrSSKrSSKrSSKJr SSKJr SSKJr SSK J r J r SSK J r Jr SSKJr SS KJr SS KJrJr SS KJr SS KJr SS KJr SSKJr SSKJr \R@"S5r!\"S5r"Sr#Sr$Sr%Sr&Sr'Sr(Sr)Sr*Sr+Sr,S\,-r-\R\\R^-r0Sr1Sr2Sr3S r4S!r5S"r6S#r7S$r8"S%S&\95r:S'r;S(r<"S)S*\95r="S+S,\5r>g)-z Cross Site Request Forgery Middleware. This module provides a middleware that implements protection against request forgeries from other sites. N) defaultdicturlparse)settings)DisallowedHostImproperlyConfigured) HttpHeadersUnreadablePostError) get_callable)patch_vary_headers)constant_time_compareget_random_string)MiddlewareMixin)cached_propertyis_same_domain) log_response)_lazy_re_compilezdjango.security.csrfz [^a-zA-Z0-9]z?Origin checking failed - %s does not match any trusted origins.z%Referer checking failed - no Referer.z@Referer checking failed - %s does not match any trusted origins.zCSRF cookie not set.zCSRF token missing.z/Referer checking failed - Referer is malformed.zCReferer checking failed - Referer is insecure while host is secure.zhas incorrect lengthzhas invalid characters  _csrftokenc4[[R5$)z/Return the view to be used for CSRF rejections.)r rCSRF_FAILURE_VIEWH/var/www/html/env/lib/python3.13/site-packages/django/middleware/csrf.py_get_failure_viewr2s 22 33rc&[[[S9$)N) allowed_chars)rCSRF_SECRET_LENGTHCSRF_ALLOWED_CHARSrrr_get_new_csrf_stringr"7s /?Q RRrc^[5n[m[U4SjU5U4SjU55nSRU4SjU55nX-$)z Given a secret (assumed to be a string of CSRF_ALLOWED_CHARS), generate a token by adding a mask and applying it to the secret. c3F># UHnTRU5v M g7fNindex.0xcharss r &_mask_cipher_secret..Bs0AQ!c3F># UHnTRU5v M g7fr%r&r(s rr,r-Bs2P4a5;;q>>4r.c3N># UHupTX-[T5-v M g7fr%)lenr)r*yr+s rr,r-Cs#CUTQUAESZ/0Us"%)r"r!zipjoin)secretmaskpairscipherr+s @r_mask_cipher_secretr;;sF !D E 002P42P QE WWCUC CF =rc^US[nU[Sn[m[U4SjU5U4SjU55nSRU4SjU55$)z Given a token (assumed to be a string of CSRF_ALLOWED_CHARS, of length CSRF_TOKEN_LENGTH, and that its first half is a mask), use it to decrypt the second half to produce the original secret. Nc3F># UHnTRU5v M g7fr%r&r(s rr,'_unmask_cipher_token..Ps/AQr.c3F># UHnTRU5v M g7fr%r&r(s rr,r>Ps1O$Q%++a..$r.r0c36># UHupTX- v M g7fr%rr3s rr,r>Qs2EDA5.s( 7f} HV  7s ""rv)rlistrrwschemeappendrxry)rWallowed_origin_subdomainsparseds rr,CsrfViewMiddleware.allowed_origin_subdomainssX %0$5! "77 F &mm 4 ; ;FMM  LL  rc^[R(a!URR[5nO)UR[Rn[U5 Ucg[U5[:Xa [U5nU$![ a [ S5ef=f![a SnNKf=f)z Return the CSRF secret originally associated with the request, or None if it didn't have one. If the CSRF_USE_SESSIONS setting is false, raises InvalidTokenFormat if the request's secret has invalid characters or an invalid length. zCSRF_USE_SESSIONS is enabled, but request.session is not set. SessionMiddleware must appear before CsrfViewMiddleware in MIDDLEWARE.N)rCSRF_USE_SESSIONSsessiongetCSRF_SESSION_KEYAttributeErrorrCOOKIESCSRF_COOKIE_NAMErhKeyErrorr2rcrBrWrIrJs r _get_secretCsrfViewMiddleware._get_secrets  % % %oo112BC  1%ooh.G.GH $K0   { 0 0.{;K'" *%  #"  #sBBB B,+B,c [R(aRURR[5UR S:wa!UR SUR['ggUR [RUR S[R[R[R[R[R[RS9 [US5 g)NrD)max_agedomainrsecurehttponlysamesite)Cookie)rrrrrrF set_cookierCSRF_COOKIE_AGECSRF_COOKIE_DOMAINCSRF_COOKIE_PATHCSRF_COOKIE_SECURECSRF_COOKIE_HTTPONLYCSRF_COOKIE_SAMESITEr rWrIrs r_set_csrf_cookie#CsrfViewMiddleware._set_csrf_cookies  % %""#34 ]8SS4;LL4O 01T   )) ]+ 0022..22!66!66  x 5rc^URSnUR5nUR5(aSOS<SU<3nX$:XagX R;ag[ U5nURnURm[U4SjURRUS555$![a Nof=f![ a gf=f) N HTTP_ORIGINhttpshttpz://TFc3<># UHn[TU5v M g7fr%r)r)hostrequest_netlocs rr,6CsrfViewMiddleware._origin_verified..$s" N >4 0 0Nsr) rFget_host is_securerrr ValueErrorrrxanyrr)rWrIrequest_origin good_host good_origin parsed_originrequest_schemers @r_origin_verified#CsrfViewMiddleware._origin_verifieds m4 ((*I #,,..F:K,- 77 7 $^4M'--&-- 66::>2N   #     s#B, B<, B98B9< C C c4^URRS5mTc[[5e[ T5mSTRTR4;a[[ 5eTRS:wa[[5e[U4SjUR55(ag[R(a[RO[RnUcUR!5nOUR)5nUS;a U<SU<3n[+TRU5(d [[$TR'5-5eg![ a [[ 5ef=f!["a! [[$TR'5-5ef=f)N HTTP_REFERERr0rc3P># UHn[TRU5v M g7fr%)rrx)r)rreferers rr,4CsrfViewMiddleware._check_referer..;s& 7 7>>4 0 07s#&)44380:)rFrrmREASON_NO_REFERERrrREASON_MALFORMED_REFERERrrxREASON_INSECURE_REFERERrr|rrSESSION_COOKIE_DOMAINrrrREASON_BAD_REFERERgeturlget_portr)rWrI good_referer server_portrs @r_check_referer!CsrfViewMiddleware._check_referer)sq,,"">2 ? 12 2 :w'G '..'..1 1 89 9 >>W $ 78 8  77    ))  * *,,    K&//1 "**,K-/*6 D gnnl;; 2W^^5E EF F**73K   56 6  >>V # %,\\%5%56KR%P"  # ? &-\\(2K2K%L"$44L!L (  2 3 !!3AA,,[,GF' 'BU" >,szzl! <= = >'      ?#$=>> ?" (,,SZZFF' ' (sLCC0D D C-C((C-0 C=<C=D E''EEcURU5nUbX!RS'gg![a [U5 gf=f)NrD)rrFrQrKrs rprocess_request"CsrfViewMiddleware.process_requestsK :**73K& /: ]+ '" *  ) *s &>>c[USS5(ag[USS5(agURS;aURU5$[USS5(aURU5$SUR;a=UR U5(d&UR U[ URS-5$O'UR5(aURU5 URU5 URU5$![a%nUR XR5sSnA$SnAff=f![a%nUR XR5sSnA$SnAff=f)NrF csrf_exempt)GETHEADOPTIONSTRACE_dont_enforce_csrf_checksr) getattrrrrFrrREASON_BAD_ORIGINrrrmrUr)rWrIcallback callback_argscallback_kwargsrs r process_viewCsrfViewMiddleware.process_viewsB 72E : : 8]E 2 2 >>@ @<<( ( 77 ? ? <<( ( GLL (((11||.m1LL2   $ 9##G, 5   g &||G$$! 9||GZZ88 9  5<<4 4 5s<D D4 D1 D,&D1,D14 E#>EE#E#cURRS5(a URX5 SURS'U$)NrEF)rFrrrs rprocess_response#CsrfViewMiddleware.process_responses< <<  6 7 7  ! !' 48=GLL3 4rrN)r\r]r^r___doc__rr|rrrrrrrrrrrrrr`rrrrrrrs  YY ) )  @6$ 4+GZ;2(h :7%r rrr)?rloggingstring collectionsr urllib.parser django.confrdjango.core.exceptionsrr django.httpr r django.urlsr django.utils.cacher django.utils.cryptor rdjango.utils.deprecationrdjango.utils.functionalrdjango.utils.httprdjango.utils.logrdjango.utils.regex_helperr getLoggerrrerrrrrrrrdrgr rc ascii_lettersdigitsr!rrr"r;rBrKrMrO ExceptionrQrhrkrmrrrrrrs #! G8$1H43,)6   1 2).9U;W.1LI 14**))FMM94 S  3 ,*" <B"I ~~r