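Warning
Take care when you override settings, especially when the default value is an empty tuple () or an empty dictionary {}; MIDDLEWARE_CLASSES and TEMPLATE_CONTEXT_PROCESSORS are examples. Make sure the value still includes the Django features you want to use.
Here is the full list of available settings, in alphabetical order, with their default values.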
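Default: {} (Empty dictionary)
A dictionary mapping "app_label.model_name" strings to functions that take a model object and return its URL. This is a way of overriding get_absolute_url() methods on a per-installation basis. Example:
    ABSOLUTE_URL_OVERRIDES = {
        'blogs.weblog': lambda o: "/blogs/%s/" % o.slug,
        'news.story': lambda o: "/stories/%s/%s/" % (o.pub_year, o.slug),
    }
Note that the model name used in this setting should be all lower-case, regardless of the case of the actual model class name.
Default: () (Empty tuple)
A tuple of settings modules (in the format 'foo.bar.baz') used by Django's built-in admin site. The admin site uses this setting in its automatically introspected documentation of models, views and template tags.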
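Default: () (Empty tuple)
A tuple that lists the people who get code error notifications. When DEBUG=False and a view raises an exception, Django emails these people the full exception information. Each member of the tuple should be a tuple of (full name, email address). Example:
    (('John', 'john@example.com'), ('Mary', 'mary@example.com'))
Note that Django emails all of these people whenever an error happens. Special reminder from wrongway: these errors can sometimes be numerous and annoying, for example when some dumb crawler requests a URL that does not exist. See Error reporting.
Default: () (Empty tuple)
A tuple of strings giving the root paths from which files may be included: Django's {% ssi %} template tag only includes a file whose path has one of these strings as a prefix. This is a security measure, so that template authors cannot access files they should not be accessing.
For example, if ALLOWED_INCLUDE_ROOTS is ('/home/html', '/var/www'), then {% ssi /home/html/foo.txt %} would work, but {% ssi /etc/passwd %} would not.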
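Added example, not part of the original documentation and not Django's own code: a prefix rule like the one above is only as strong as the comparison behind it. The two functions below (hypothetical names, constructed sample paths) contrast a bare string-prefix test with a check that resolves the path and compares whole components.

```python
import os

# Value from the example above.
ALLOWED_INCLUDE_ROOTS = ('/home/html', '/var/www')


def prefix_only(filepath, roots=ALLOWED_INCLUDE_ROOTS):
    """Bare string comparison: the path text must start with an allowed root."""
    return any(filepath.startswith(root) for root in roots)


def inside_root(filepath, roots=ALLOWED_INCLUDE_ROOTS):
    """Resolve the path first, then compare whole path components."""
    if not os.path.isabs(filepath):
        return False
    resolved = os.path.realpath(filepath)   # collapses ".." and follows symlinks
    for root in roots:
        root = os.path.realpath(root)
        # commonpath() works on components, so /home/html_private is not
        # treated as lying under /home/html.
        if os.path.commonpath([resolved, root]) == root:
            return True
    return False


# Constructed sample paths: (path, should the include be allowed?)
SAMPLES = [
    ('/home/html/foo.txt', True),
    ('/etc/passwd', False),
    ('/home/html/../../etc/passwd', False),
    ('/home/html_private/notes.txt', False),
]


def compare(samples=SAMPLES):
    """Return (path, expected, prefix_only result, inside_root result) rows."""
    return [(p, want, prefix_only(p), inside_root(p)) for p, want in samples]


if __name__ == '__main__':
    for path, want, loose, strict in compare():
        print('%-30s expected=%-5s prefix_only=%-5s inside_root=%s'
              % (path, want, loose, strict))
```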
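Default: True
When set to True, if the request URL does not match any of the patterns in the URLconf and does not end in a slash, Django redirects to the same URL with a slash appended. Note that the redirect may cause data submitted in a POST request to be lost.
The APPEND_SLASH setting is only used if CommonMiddleware is installed (see Middleware). See also PREPEND_WWW.
Default: ('django.contrib.auth.backends.ModelBackend',)
A tuple of authentication backend classes used to authenticate users. See the authentication backends documentation for details.
Default:
    {
        'default': {
            'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
        }
    }
A dictionary containing the settings for all caches to be used with Django. It is a nested dictionary in which each key (a cache alias) maps to a dictionary holding the options for that cache.
The CACHES dictionary must contain a default cache; any other caches may be named freely. If you are using a cache other than the local memory cache, or you want to define multiple caches, other options are required. The following cache options are available: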
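Default: '' (Empty string)
The cache backend to use. The built-in cache backends are:
'django.core.cache.backends.db.DatabaseCache'
'django.core.cache.backends.dummy.DummyCache'
'django.core.cache.backends.filebased.FileBasedCache'
'django.core.cache.backends.locmem.LocMemCache'
'django.core.cache.backends.memcached.MemcachedCache'
'django.core.cache.backends.memcached.PyLibMCCache'
You can use a third-party cache backend that does not ship with Django by setting BACKEND to the fully qualified path of a cache backend class (e.g. mypackage.backends.whatever.WhateverCache). Writing a complete new cache backend from scratch is left as an exercise for the reader; see the other backends for examples.
Note
Prior to Django 1.3, Django's built-in cache backends were referred to with a URI prefixed by the backend type (for example, 'db://tablename' for the database cache backend). This format is deprecated and will be removed completely in Django 1.5.
A string of the form 'xxxx.xxxx.xxx.xxx' giving the dotted path to a function that defines how a prefix, a version and a key are composed into the final cache key. The default implementation is as follows:
    from django.utils.encoding import smart_str

    def make_key(key, key_prefix, version):
        return ':'.join([key_prefix, str(version), smart_str(key)])
You may use a custom function, as long as it takes the same arguments. See the cache documentation for details.
Default: '' (Empty string)
The location of the cache to use. This might be a directory for a file system cache, the host and port of a memcache server, or simply an identifying name for a local memory cache:
    CACHES = {
        'default': {
            'BACKEND': 'django.core.cache.backends.filebased.FileBasedCache',
            'LOCATION': '/var/tmp/django_cache',
        }
    }
Default: False
If True, only anonymous requests (i.e. requests from users who are not logged in) are cached. Otherwise, the cache middleware caches every page that has no GET or POST parameters. If you set this to True, make sure AuthenticationMiddleware is in your middleware.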
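Default: None
The domain to use when setting the CSRF cookie. This makes it easy to tell normal cross-subdomain requests apart from cross-site request forgery. It should be set to a string such as ".lawrence.com" to allow a POST request from a form on one subdomain to be accepted by a view served from another subdomain.
Please note that the presence of this setting does not imply that Django's CSRF protection is safe from cross-subdomain attacks by default. See the CSRF limitations section.
Default: 'csrftoken'
The name of the cookie to use for the CSRF authentication token. This can be whatever you want. See Cross Site Request Forgery protection.
Default: '/'
The path set on the CSRF cookie. This should either match the URL path of your Django installation or be a parent of that path.
This is useful if you have multiple Django instances running under the same hostname. They can use different cookie paths, and each instance will only see its own CSRF cookie.
Default: False
Whether to use a secure cookie for the CSRF cookie. If this is set to True, the cookie will be marked as "secure", which means browsers ensure that the cookie is only sent over an HTTPS connection.
Default: 'django.views.csrf.csrf_failure'
A string of the form 'xxxx.xxxx.xxx.xxx' giving the dotted path to the view function that is used when a request is rejected by the CSRF protection. The function should have this signature:
    def csrf_failure(request, reason="")
where reason is a short message (intended for developers or logging, not for end users) indicating why the request was rejected. See Cross Site Request Forgery protection.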
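Default: {} (Empty dictionary)
A nested dictionary containing the settings for all databases to be used with Django. Each entry maps a database alias to a dictionary holding the options for that database.
The DATABASES dictionary must define a default database; any other databases may be named freely.
The simplest possible setup is a single database stored in an SQLite file. It can be configured as follows:
    DATABASES = {
        'default': {
            'ENGINE': 'django.db.backends.sqlite3',
            'NAME': 'mydatabase'
        }
    }
For other database backends, or more flexible SQLite configurations, other options are required. All of the database options are described below.
Default: '' (Empty string)
The database backend to use. The built-in database backends are:
'django.db.backends.postgresql_psycopg2'
'django.db.backends.mysql'
'django.db.backends.sqlite3'
'django.db.backends.oracle'
You can use a third-party database backend that does not ship with Django by setting ENGINE to the fully qualified path of the backend (e.g. mypackage.backends.whatever). Writing a complete new database backend from scratch is left as an exercise for the reader; see the other backends for examples.
Note
Prior to Django 1.2, Django's built-in database backends were referred to by a short name (for example, 'sqlite3' for the SQLite backend). This format is deprecated and has been removed completely in Django 1.4.
Default: '' (Empty string)
Which host to use when connecting to the database. An empty string means localhost. Not used with SQLite.
If you are using MySQL and this value starts with a forward slash ('/'), MySQL connects via a Unix socket to the specified socket. For example:
    "HOST": '/var/run/mysql'
If you are using MySQL and this value does not start with a forward slash, the value is taken to be a host name or IP address.
If you are using PostgreSQL, an empty string means a Unix domain socket is used for the connection, rather than a network connection to localhost. If you explicitly need PostgreSQL to connect to the local machine, specify localhost here.
Default: '' (Empty string)
The name of the database to use. For SQLite, it is the full path to the database file. When specifying the path, always use forward slashes, even on Windows (e.g. C:/homes/user/mysite/sqlite3.db).
Default: {} (Empty dictionary)
Extra options to use when connecting to the database. Django uses different options depending on the database backend. See the Database backends documentation for the options available for your backend.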
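Default: None
The character set encoding used to create the test database. The value is passed directly through to the database, so its format is backend-specific.
Supported by the PostgreSQL (postgresql_psycopg2) and MySQL (mysql) backends.
Default: None
The collation order to use when creating the test database. The value is passed directly to the backend, so its format is backend-specific.
Only supported by the mysql backend (see the MySQL manual for details).
Default: ['default'], for all databases other than default that have no dependencies.
The creation-order dependencies of the database. See the documentation on controlling the creation order of test databases for details.
Default: None
The name of the database to use when running the test suite.
If the default value (None) is used with the SQLite database engine, the tests will use a memory-resident database. For all other database engines, the test database will use the name 'test_' + DATABASE_NAME.
Default: None
This is an Oracle-specific setting.
The username to use when connecting to the Oracle database during tests. If not provided, Django will use 'test_' + USER.
Default: None
This is an Oracle-specific setting.
The name of the temporary tablespace to use when running tests. If not provided, Django will use 'test_' + NAME + '_temp'.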
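Default: 'N j, Y' (e.g. Feb. 4, 2003)
The default formatting to use for displaying date fields in any part of the system. Note that if USE_L10N is set to True, the locale-dictated format has higher precedence and will be applied instead. See allowed date format strings.
This setting is overridden when USE_L10N is set to True. The same applies to DATETIME_FORMAT, TIME_FORMAT and SHORT_DATE_FORMAT.
Default:
    ('%Y-%m-%d', '%m/%d/%Y', '%m/%d/%y', '%b %d %Y', '%b %d, %Y', '%d %b %Y', '%d %b, %Y', '%B %d %Y', '%B %d, %Y', '%d %B %Y', '%d %B, %Y')
A tuple of formats that are accepted when inputting data on a date field. Django tries the formats in order and uses the first valid one. Note that these format strings use the syntax of Python's datetime module, not the format strings of Django's date template tag.
When USE_L10N is True, the locale-dictated format has higher precedence than this setting.
Default: 'N j, Y, P' (e.g. Feb. 4, 2003, 4 p.m.)
The default formatting to use for displaying datetime fields in any part of the system. Note that if USE_L10N is set to True, the locale-dictated format has higher precedence and will be applied instead. See allowed date format strings.
This setting is overridden when USE_L10N is set to True. The same applies to DATE_FORMAT, TIME_FORMAT and SHORT_DATETIME_FORMAT.
Default:
    ('%Y-%m-%d %H:%M:%S', '%Y-%m-%d %H:%M', '%Y-%m-%d', '%m/%d/%Y %H:%M:%S', '%m/%d/%Y %H:%M', '%m/%d/%Y', '%m/%d/%y %H:%M:%S', '%m/%d/%y %H:%M', '%m/%d/%y')
A tuple of formats that are accepted when inputting data on a datetime field. Django tries the formats in order and uses the first valid one. Note that these format strings use the syntax of Python's datetime module, not the format strings of Django's date template tag.
When USE_L10N is True, the locale-dictated format has higher precedence than this setting.
The same applies to DATE_INPUT_FORMATS and TIME_INPUT_FORMATS.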
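Default: False
A boolean that turns debug mode on or off.
Never run a production site with DEBUG set to True. Remember this, remember this, remember this!
One of the features of debug mode is the display of detailed error pages. If your app raises an exception in debug mode, Django displays a detailed traceback that includes a lot of metadata about the current environment, such as all the settings currently defined in your Django settings (settings.py).
As a security measure, in debug mode Django does not display settings that are sensitive or easily exploited, such as SECRET_KEY or PROFANITIES_LIST. Specifically, the following settings are excluded from display:
- API
- KEY
- PASS
- PROFANITIES_LIST
- SECRET
- SIGNATURE
- TOKEN
Note that these are partial matches: 'PASS' also matches PASSWORD, 'TOKEN' also matches TOKENIZED, and so on.
Also note that a lot of this output is not suitable for the public: file paths, configuration options and other sensitive information that puts the security of your server at risk.
It is also important to remember that in debug mode Django remembers every SQL query it runs. This is very helpful when debugging, but it rapidly consumes memory on a production server.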
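Added example, not part of the original documentation and not Django's own code: a name-based filter like the one described above only hides what the setting's name gives away. The sketch below applies the listed substrings to constructed settings and reports which known secrets would still be shown; case-insensitive matching, descending into nested dictionaries, the mask string and the setting QUEUE_URL are assumptions of the example.

```python
import re

# Substrings from the list above. Case-insensitive matching is an assumption
# of this example.
HIDDEN = re.compile('API|KEY|PASS|PROFANITIES_LIST|SECRET|SIGNATURE|TOKEN',
                    re.IGNORECASE)
MASK = '********'   # constructed placeholder shown instead of the value


def cleanse(name, value):
    """Mask a value when its name contains one of the listed substrings.

    Descending into nested dictionaries is an assumption of this example.
    """
    if HIDDEN.search(name):
        return MASK
    if isinstance(value, dict):
        return {k: cleanse(str(k), v) for k, v in value.items()}
    return value


def debug_view_of(settings):
    """What an error page built on this rule would show for each setting."""
    return {name: cleanse(name, value) for name, value in settings.items()}


def still_visible(settings, known_secrets):
    """Top-level settings whose displayed value still contains a known secret."""
    shown = debug_view_of(settings)
    return sorted(name for name, value in shown.items()
                  if any(secret in repr(value) for secret in known_secrets))


# Constructed settings and secrets, for illustration only.
SAMPLE_SETTINGS = {
    'SECRET_KEY': 'constructed-secret-key',
    'EMAIL_HOST_PASSWORD': 'constructed-smtp-password',
    'TOKENIZED_SEARCH': True,            # harmless, but masked by the partial match
    'DATABASES': {'default': {'ENGINE': 'django.db.backends.mysql',
                              'NAME': 'mydatabase',
                              'PASSWORD': 'constructed-db-password'}},
    # Hypothetical setting: a credential embedded in a URL, under a name that
    # matches none of the substrings.
    'QUEUE_URL': 'amqp://app:constructed-queue-password@mq.example.com/',
    'MEDIA_ROOT': '/home/media/media.lawrence.com/',
}
SAMPLE_SECRETS = ['constructed-secret-key', 'constructed-smtp-password',
                  'constructed-db-password', 'constructed-queue-password']

if __name__ == '__main__':
    for name, value in sorted(debug_view_of(SAMPLE_SETTINGS).items()):
        print('%-20s %r' % (name, value))
    print('still visible:', still_visible(SAMPLE_SETTINGS, SAMPLE_SECRETS))
```

Running the same check over a project's real settings, with its real secret values, before an error page is ever rendered is a quick way to find names that need renaming.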
Default: False
If set to True, Django's normal exception handling of view functions is suppressed and exceptions propagate upwards. This can be useful for some test setups, and should never be used on a live site.
Default: '.' (Dot)
Default decimal separator used when formatting decimal numbers.
Note that if USE_L10N is set to True, then the locale-dictated format has higher precedence and will be applied instead.
See also NUMBER_GROUPING, THOUSAND_SEPARATOR and USE_THOUSAND_SEPARATOR.
Default: 'utf-8'
Default charset to use for all HttpResponse objects, if a MIME type isn’t manually specified. Used with DEFAULT_CONTENT_TYPE to construct the Content-Type header.
Default: 'text/html'
Default content type to use for all HttpResponse objects, if a MIME type isn’t manually specified. Used with DEFAULT_CHARSET to construct the Content-Type header.
Default: django.views.debug.SafeExceptionReporterFilter
Default exception reporter filter class to be used if none has been assigned to the HttpRequest instance yet. See Filtering error reports.
Default: django.core.files.storage.FileSystemStorage
Default file storage class to be used for any file-related operations that don’t specify a particular storage system. See Managing files.
Default: 'webmaster@localhost'
Default email address to use for various automated correspondence from the site manager(s).
Default: '' (Empty string)
Default tablespace to use for indexes on fields that don’t specify one, if the backend supports it (see Tablespaces).
Default: '' (Empty string)
Default tablespace to use for models that don’t specify one, if the backend supports it (see Tablespaces).
Default: () (Empty tuple)
List of compiled regular expression objects representing User-Agent strings that are not allowed to visit any page, systemwide. Use this for bad robots/crawlers. This is only used if CommonMiddleware is installed (see Middleware).
Default: '' (Empty string)
Password to use for the SMTP server defined in EMAIL_HOST. This setting is used in conjunction with EMAIL_HOST_USER when authenticating to the SMTP server. If either of these settings is empty, Django won’t attempt authentication.
See also EMAIL_HOST_USER.
Default: '' (Empty string)
Username to use for the SMTP server defined in EMAIL_HOST. If empty, Django won’t attempt authentication.
See also EMAIL_HOST_PASSWORD.
Default: '[Django] '
Subject-line prefix for email messages sent with django.core.mail.mail_admins or django.core.mail.mail_managers. You’ll probably want to include the trailing space.
Default: 'utf-8'
The character encoding used to decode any files read from disk. This includes template files and initial SQL data files.
Default:
    ("django.core.files.uploadhandler.MemoryFileUploadHandler",
     "django.core.files.uploadhandler.TemporaryFileUploadHandler",)
A tuple of handlers to use for uploading. See Managing files for details.
Default: 2621440 (i.e. 2.5 MB).
The maximum size (in bytes) that an upload will be before it gets streamed to the file system. See Managing files for details.
Default: None
The numeric mode (i.e. 0644) to set newly uploaded files to. For more information about what these modes mean, see the documentation for os.chmod().
If this isn’t given or is None, you’ll get operating-system dependent behavior. On most platforms, temporary files will have a mode of 0600, and files saved from memory will be saved using the system’s standard umask.
Warning
Always prefix the mode with a 0.
If you’re not familiar with file modes, please note that the leading 0 is very important: it indicates an octal number, which is the way that modes must be specified. If you try to use 644, you’ll get totally incorrect behavior.
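Added example, not part of the original documentation: what the warning above means in permission bits, plus a small settings check (hypothetical function names) that flags a mode that looks like it lost its octal prefix. It is written for Python 3, where the octal literal is spelled 0o644 rather than 0644.

```python
import stat

SPECIAL_BITS = stat.S_ISUID | stat.S_ISGID | stat.S_ISVTX


def rwx(mode):
    """Permission string for a mode, e.g. 'rw-r--r--' (file-type column dropped)."""
    return stat.filemode(mode)[1:]


def _findings(mode):
    """Checks on the permission bits themselves."""
    found = []
    if mode & ~0o7777:
        found.append('bits set outside the permission range')
    if mode & SPECIAL_BITS:
        found.append('setuid/setgid/sticky bit set')
    if not mode & stat.S_IRUSR:
        found.append('owner cannot read the file')
    if mode & stat.S_IWOTH:
        found.append('file is world-writable')
    return found


def lint_upload_mode(mode):
    """Findings for a FILE_UPLOAD_PERMISSIONS value; an empty list means it looks sane."""
    if mode is None:
        return []                       # OS-dependent default, nothing to check
    found = _findings(mode)
    digits = str(mode)
    if found and set(digits) <= set('01234567'):
        intended = int(digits, 8)       # the same digits read as octal
        if not _findings(intended):
            # The digits are a clean mode once read as octal: the prefix was
            # most likely dropped.
            found.append('did you mean 0o%s (%s)?' % (digits, rwx(intended)))
    return found


if __name__ == '__main__':
    for value in (0o644, 644, 0o600, 600, 0o666, None):
        shown = '-' if value is None else rwx(value)
        print('%-6r %-10s %s' % (value, shown, lint_upload_mode(value) or 'ok'))
```

Decimal 644 is octal 1204, so a file saved with it gets the sticky bit, owner write only and world read instead of rw-r--r--.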
Default: None
The directory to store data temporarily while uploading files. If None, Django will use the standard temporary directory for the operating system. For example, this will default to '/tmp' on *nix-style operating systems.
See Managing files for details.
Default: 0 (Sunday)
Number representing the first day of the week. This is especially useful when displaying a calendar. This value is only used when not using format internationalization, or when a format cannot be found for the current locale.
The value must be an integer from 0 to 6, where 0 means Sunday, 1 means Monday and so on.
Default: () (Empty tuple)
List of directories searched for fixture files, in addition to the fixtures directory of each application, in search order.
Note that these paths should use Unix-style forward slashes, even on Windows.
See Providing initial data with fixtures and Fixture loading.
Default: None
If not None, this will be used as the value of the SCRIPT_NAME environment variable in any HTTP request. This setting can be used to override the server-provided value of SCRIPT_NAME, which may be a rewritten version of the preferred value or not supplied at all.
Default: None
A full Python path to a Python package that contains format definitions for project locales. If not None, Django will check for a formats.py file, under the directory named as the current locale, and will use the formats defined on this file.
For example, if FORMAT_MODULE_PATH is set to mysite.formats, and current language is en (English), Django will expect a directory tree like:
    mysite/
        formats/
            __init__.py
            en/
                __init__.py
                formats.py
Available formats are DATE_FORMAT, TIME_FORMAT, DATETIME_FORMAT, YEAR_MONTH_FORMAT, MONTH_DAY_FORMAT, SHORT_DATE_FORMAT, SHORT_DATETIME_FORMAT, FIRST_DAY_OF_WEEK, DECIMAL_SEPARATOR, THOUSAND_SEPARATOR and NUMBER_GROUPING.
Default: ()
List of compiled regular expression objects describing URLs that should be ignored when reporting HTTP 404 errors via email (see Error reporting). Use this if your site does not provide a commonly requested file such as favicon.ico or robots.txt, or if it gets hammered by script kiddies.
This is only used if SEND_BROKEN_LINK_EMAILS is set to True and CommonMiddleware is installed (see Middleware).
Default: () (Empty tuple)
A tuple of strings designating all applications that are enabled in this Django installation. Each string should be a full Python path to a Python package that contains a Django application, as created by django-admin.py startapp.
App names must be unique
The application names (that is, the final dotted part of the path to the module containing models.py) defined in INSTALLED_APPS must be unique. For example, you can’t include both django.contrib.auth and myproject.auth in INSTALLED_APPS.
Default: () (Empty tuple)
A tuple of IP addresses, as strings, that:
- DEBUG is True
- XViewMiddleware is installed (see Middleware)
Default: 'en-us'
A string representing the language code for this installation. This should be in standard language format. For example, U.S. English is "en-us". See Internationalization and localization.
Default: 'django_language'
The name of the cookie to use for the language cookie. This can be whatever you want (but should be different from SESSION_COOKIE_NAME). See Internationalization and localization.
Default: A tuple of all available languages. This list is continually growing and including a copy here would inevitably become rapidly out of date. You can see the current list of translated languages by looking in django/conf/global_settings.py (or view the online source).
The list is a tuple of two-tuples in the format (language code, language name); the language code part should be a language name – for example, ('ja', 'Japanese').
This specifies which languages are available for language selection. See Internationalization and localization.
Generally, the default value should suffice. Only set this setting if you want to restrict language selection to a subset of the Django-provided languages.
If you define a custom LANGUAGES setting, it’s OK to mark the languages as translation strings (as in the default value referred to above) – but use a “dummy” gettext() function, not the one in django.utils.translation. You should never import django.utils.translation from within your settings file, because that module in itself depends on the settings, and that would cause a circular import.
The solution is to use a “dummy” gettext() function. Here’s a sample settings file:
    gettext = lambda s: s
    LANGUAGES = (
        ('de', gettext('German')),
        ('en', gettext('English')),
    )
With this arrangement, django-admin.py makemessages will still find and mark these strings for translation, but the translation won’t happen at runtime – so you’ll have to remember to wrap the languages in the real gettext() in any code that uses LANGUAGES at runtime.
Default: () (Empty tuple)
A tuple of directories where Django looks for translation files. See How Django discovers translations.
Example:
    LOCALE_PATHS = (
        '/home/www/project/common_files/locale',
        '/var/local/translations/locale'
    )
Note that in the paths you add to the value of this setting, if you have the typical /path/to/locale/xx/LC_MESSAGES hierarchy, you should use the path to the locale directory (i.e. '/path/to/locale').
Default: A logging configuration dictionary.
A data structure containing configuration information. The contents of this data structure will be passed as the argument to the configuration method described in LOGGING_CONFIG.
The default logging configuration passes HTTP 500 server errors to an email log handler; all other log messages are given to a NullHandler.
Default: 'django.utils.log.dictConfig'
A path to a callable that will be used to configure logging in the Django project. Points at an instance of Python’s dictConfig configuration method by default.
If you set LOGGING_CONFIG to None, the logging configuration process will be skipped.
Default: '/accounts/profile/'
The URL where requests are redirected after login when the contrib.auth.login view gets no next parameter.
This is used by the login_required() decorator, for example.
Note
You can use reverse_lazy() to reference URLs by their name instead of providing a hardcoded value. Assuming a urls.py with a URLpattern named home:
    urlpatterns = patterns('',
        url('^welcome/$', 'test_app.views.home', name='home'),
    )
You can use reverse_lazy() like this:
    from django.core.urlresolvers import reverse_lazy
    LOGIN_REDIRECT_URL = reverse_lazy('home')
This also works fine with localized URLs using i18n_patterns().
Default: '/accounts/login/'
The URL where requests are redirected for login, especially when using the login_required() decorator.
Note
Default: () (Empty tuple)
A tuple in the same format as ADMINS that specifies who should get broken-link notifications when SEND_BROKEN_LINK_EMAILS=True.
Default: '' (Empty string)
Absolute path to the directory that holds media for this installation, used for managing stored files.
Example: "/home/media/media.lawrence.com/"
See also MEDIA_URL.
Default: '' (Empty string)
URL that handles the media served from MEDIA_ROOT, used for managing stored files.
Example: "http://media.lawrence.com/"
Default: messages.INFO
Sets the minimum message level that will be recorded by the messages framework. See the messages documentation for more details.
Default: 'django.contrib.messages.storage.user_messages.LegacyFallbackStorage'
Controls where Django stores message data. See the messages documentation for more details.
Default:
    {messages.DEBUG: 'debug', messages.INFO: 'info', messages.SUCCESS: 'success', messages.WARNING: 'warning', messages.ERROR: 'error',}
Sets the mapping of message levels to message tags. See the messages documentation for more details.
Default:
    ('django.middleware.common.CommonMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',
     'django.middleware.csrf.CsrfViewMiddleware',
     'django.contrib.auth.middleware.AuthenticationMiddleware',
     'django.contrib.messages.middleware.MessageMiddleware',)
A tuple of middleware classes to use. See Middleware.
'django.contrib.messages.middleware.MessageMiddleware' was added to the default. For more information, see the messages documentation.
Default: 'F j'
The default formatting to use for date fields on Django admin change-list pages – and, possibly, by other parts of the system – in cases when only the month and day are displayed.
For example, when a Django admin change-list page is being filtered by a date drilldown, the header for a given day displays the day and month. Different locales have different formats. For example, U.S. English would say “January 1,” whereas Spanish might say “1 Enero.”
See allowed date format strings. See also DATE_FORMAT, DATETIME_FORMAT, TIME_FORMAT and YEAR_MONTH_FORMAT.
Default: 0
Number of digits grouped together on the integer part of a number.
Common use is to display a thousand separator. If this setting is 0, then no grouping will be applied to the number. If this setting is greater than 0, then THOUSAND_SEPARATOR will be used as the separator between those groups.
Note that if USE_L10N is set to True, then the locale-dictated format has higher precedence and will be applied instead.
See also DECIMAL_SEPARATOR, THOUSAND_SEPARATOR and USE_THOUSAND_SEPARATOR.
Default: 3
The number of days a password reset link is valid for. Used by the django.contrib.auth password reset mechanism.
Default: False
Whether to prepend the “www.” subdomain to URLs that don’t have it. This is only used if CommonMiddleware is installed (see Middleware). See also APPEND_SLASH.
Default: () (Empty tuple)
A tuple of profanities, as strings, that will be forbidden in comments when COMMENTS_ALLOW_PROFANITIES is False.
Default: {}
A dictionary containing settings for the restructuredtext markup filter from the django.contrib.markup application. They override the default writer settings. See the Docutils restructuredtext writer settings docs for details.
Default: Not defined
A string representing the full Python import path to your root URLconf. For example: "mydjangoapps.urls". Can be overridden on a per-request basis by setting the attribute urlconf on the incoming HttpRequest object. See How Django processes a request for details.
Default: '' (Empty string)
A secret key for this particular Django installation. Used to provide a seed in secret-key hashing algorithms. Set this to a random string – the longer, the better. django-admin.py startproject creates one automatically.
Default: None
A tuple representing an HTTP header/value combination that signifies a request is secure. This controls the behavior of the request object’s is_secure() method.
This takes some explanation. By default, is_secure() is able to determine whether a request is secure by looking at whether the requested URL uses “https://”.
If your Django app is behind a proxy, though, the proxy may be “swallowing” the fact that a request is HTTPS, using a non-HTTPS connection between the proxy and Django. In this case, is_secure() would always return False – even for requests that were made via HTTPS by the end user.
In this situation, you’ll want to configure your proxy to set a custom HTTP header that tells Django whether the request came in via HTTPS, and you’ll want to set SECURE_PROXY_SSL_HEADER so that Django knows what header to look for.
You’ll need to set a tuple with two elements – the name of the header to look for and the required value. For example:
    SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTOCOL', 'https')
Here, we’re telling Django that we trust the X-Forwarded-Protocol header that comes from our proxy, and any time its value is 'https', then the request is guaranteed to be secure (i.e., it originally came in via HTTPS). Obviously, you should only set this setting if you control your proxy or have some other guarantee that it sets/strips this header appropriately.
Note that the header needs to be in the format as used by request.META – all caps and likely starting with HTTP_. (Remember, Django automatically adds 'HTTP_' to the start of x-header names before making the header available in request.META.)
Warning
You will probably open security holes in your site if you set this without knowing what you’re doing. Seriously.
Make sure ALL of the following are true before setting this (assuming the values from the example above):
If any of those are not true, you should keep this setting set to None and find another way of determining HTTPS, perhaps via custom middleware.
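Added example, not part of the original documentation and not Django's own code: a simplified model of the decision described above, useful as a test of why the proxy has to set and strip the header itself. The proxy behaviours, function names and request data are constructed for the example.

```python
# Values from the example above.
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTOCOL', 'https')
HEADER = 'X-Forwarded-Protocol'


def meta_key(header_name):
    """HTTP header name -> request.META key, as described in the text."""
    return 'HTTP_' + header_name.upper().replace('-', '_')


def is_secure(meta, setting=SECURE_PROXY_SSL_HEADER):
    """Simplified model: trust the configured header, else the connection scheme."""
    if setting is not None:
        key, value = setting
        if meta.get(key) == value:
            return True
    return meta.get('wsgi.url_scheme') == 'https'


def via_proxy(client_scheme, client_headers, strips_header):
    """Build the META dict the application sees for a request relayed over plain HTTP.

    strips_header=True models a proxy that discards any client-supplied copy of
    the header and always writes its own value. strips_header=False models a
    proxy that only adds the header for HTTPS clients and otherwise passes
    request headers through untouched.
    """
    headers = dict(client_headers)
    if strips_header:
        headers = {k: v for k, v in headers.items() if k.lower() != HEADER.lower()}
        headers[HEADER] = client_scheme
    elif client_scheme == 'https':
        headers[HEADER] = 'https'
    meta = {'wsgi.url_scheme': 'http'}      # the proxy-to-Django hop is not HTTPS
    for name, value in headers.items():
        meta[meta_key(name)] = value
    return meta


def audit():
    """is_secure() result for each constructed proxy/client combination."""
    client_sent = {HEADER: 'https'}         # header arriving from the client side
    return {
        'https client, stripping proxy':
            is_secure(via_proxy('https', {}, True)),
        'http client with header, stripping proxy':
            is_secure(via_proxy('http', client_sent, True)),
        'http client with header, pass-through proxy':
            is_secure(via_proxy('http', client_sent, False)),
        'https client, setting left at None':
            is_secure(via_proxy('https', {}, True), None),
    }


if __name__ == '__main__':
    for case, result in audit().items():
        print('%-45s is_secure=%s' % (case, result))
```

Only the pass-through case reports a plain-HTTP request as secure, which is the condition the warning is about.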
Default: False
Whether to send an email to the MANAGERS each time somebody visits a Django-powered page that is 404ed with a non-empty referer (i.e., a broken link). This is only used if CommonMiddleware is installed (see Middleware). See also IGNORABLE_404_URLS and Error reporting.
Default: Not defined.
A dictionary of modules containing serializer definitions (provided as strings), keyed by a string identifier for that serialization type. For example, to define a YAML serializer, use:
    SERIALIZATION_MODULES = { 'yaml' : 'path.to.yaml_serializer' }
Default: 'root@localhost'
The email address that error messages come from, such as those sent to ADMINS and MANAGERS.
Default: 1209600 (2 weeks, in seconds)
The age of session cookies, in seconds. See How to use sessions.
Default: None
The domain to use for session cookies. Set this to a string such as ".lawrence.com" for cross-domain cookies, or use None for a standard domain cookie. See How to use sessions.
Default: False
Whether to use HTTPOnly flag on the session cookie. If this is set to True, client-side JavaScript will not be able to access the session cookie.
HTTPOnly is a flag included in a Set-Cookie HTTP response header. It is not part of the RFC 2109 standard for cookies, and it isn’t honored consistently by all browsers. However, when it is honored, it can be a useful way to mitigate the risk of client side script accessing the protected cookie data.
Default: 'sessionid'
The name of the cookie to use for sessions. This can be whatever you want (but should be different from LANGUAGE_COOKIE_NAME).
See How to use sessions.
Default: '/'
The path set on the session cookie. This should either match the URL path of your Django installation or be parent of that path.
This is useful if you have multiple Django instances running under the same hostname. They can use different cookie paths, and each instance will only see its own session cookie.
Default: False
Whether to use a secure cookie for the session cookie. If this is set to True, the cookie will be marked as “secure,” which means browsers may ensure that the cookie is only sent under an HTTPS connection.
See How to use sessions.
Default: django.contrib.sessions.backends.db
Controls where Django stores session data. Valid values are:
'django.contrib.sessions.backends.db'
'django.contrib.sessions.backends.file'
'django.contrib.sessions.backends.cache'
'django.contrib.sessions.backends.cached_db'
'django.contrib.sessions.backends.signed_cookies'
See How to use sessions.
Default: False
Whether to expire the session when the user closes his or her browser. See How to use sessions.
Default: None
If you’re using file-based session storage, this sets the directory in which Django will store session data. See How to use sessions. When the default value (None) is used, Django will use the standard temporary directory for the system.
Default: False
Whether to save the session data on every request. See How to use sessions.
Default: m/d/Y (e.g. 12/31/2003)
An available formatting that can be used for displaying date fields on templates. Note that if USE_L10N is set to True, then the corresponding locale-dictated format has higher precedence and will be applied. See allowed date format strings.
See also DATE_FORMAT and SHORT_DATETIME_FORMAT.
Default: m/d/Y P (e.g. 12/31/2003 4 p.m.)
An available formatting that can be used for displaying datetime fields on templates. Note that if USE_L10N is set to True, then the corresponding locale-dictated format has higher precedence and will be applied. See allowed date format strings.
See also DATE_FORMAT and SHORT_DATE_FORMAT.
Default: 'django.core.signing.TimestampSigner'
The backend used for signing cookies and other data.
See also the Cryptographic signing documentation.
Default: Not defined
The ID, as an integer, of the current site in the django_site database table. This is used so that application data can hook into specific site(s) and a single database can manage content for multiple sites.
Default: '' (Empty string)
The absolute path to the directory where collectstatic will collect static files for deployment.
Example: "/home/example.com/static/"
If the staticfiles contrib app is enabled (default) the collectstatic management command will collect static files into this directory. See the howto on managing static files for more details about usage.
Warning
This should be an (initially empty) destination directory for collecting your static files from their permanent locations into one directory for ease of deployment; it is not a place to store your static files permanently. You should do that in directories that will be found by staticfiles’s finders, which by default, are 'static/' app sub-directories and any directories you include in STATICFILES_DIRS.
See staticfiles reference and STATIC_URL.
Default: None
URL to use when referring to static files located in STATIC_ROOT.
Example: "/site_media/static/" or "http://static.example.com/"
If not None, this will be used as the base path for media definitions and the staticfiles app.
It must end in a slash if set to a non-empty value.
See STATIC_ROOT.
Default:
    ("django.contrib.auth.context_processors.auth",
     "django.core.context_processors.debug",
     "django.core.context_processors.i18n",
     "django.core.context_processors.media",
     "django.core.context_processors.static",
     "django.core.context_processors.tz",
     "django.contrib.messages.context_processors.messages")
A tuple of callables that are used to populate the context in RequestContext. These callables take a request object as their argument and return a dictionary of items to be merged into the context.
django.contrib.messages.context_processors.messages was added to the default. For more information, see the messages documentation.
django.core.context_processors.auth to django.contrib.auth.context_processors.auth.
django.core.context_processors.static context processor was added in this release.
django.core.context_processors.tz context processor was added in this release.
Default: False
A boolean that turns on/off template debug mode. If this is True, the fancy error page will display a detailed report for any exception raised during template rendering. This report contains the relevant snippet of the template, with the appropriate line highlighted.
Note that Django only displays fancy error pages if DEBUG is True, so you’ll want to set that to take advantage of this setting.
See also DEBUG.
Default: () (Empty tuple)
List of locations of the template source files searched by django.template.loaders.filesystem.Loader, in search order.
Note that these paths should use Unix-style forward slashes, even on Windows.
Default:
    ('django.template.loaders.filesystem.Loader',
     'django.template.loaders.app_directories.Loader')
A tuple of template loader classes, specified as strings. Each Loader class knows how to import templates from a particular source. Optionally, a tuple can be used instead of a string. The first item in the tuple should be the Loader’s module, subsequent items are passed to the Loader during initialization. See The Django template language: For Python programmers.
TEMPLATE_LOADERS setting will accept strings that specify function-based loaders until compatibility with them is completely removed in Django 1.4.
Default: '' (Empty string)
Output, as a string, that the template system should use for invalid (e.g. misspelled) variables. See How invalid variables are handled.
Default: 'django.test.simple.DjangoTestSuiteRunner'
The name of the class to use for starting the test suite. See Testing Django applications.
Default: , (Comma)
Default thousand separator used when formatting numbers. This setting is used only when USE_THOUSAND_SEPARATOR is True and NUMBER_GROUPING is greater than 0.
Note that if USE_L10N is set to True, then the locale-dictated format has higher precedence and will be applied instead.
See also NUMBER_GROUPING, DECIMAL_SEPARATOR and USE_THOUSAND_SEPARATOR.
Default: 'P' (e.g. 4 p.m.)
The default formatting to use for displaying time fields in any part of the system. Note that if USE_L10N is set to True, then the locale-dictated format has higher precedence and will be applied instead. See allowed date format strings.
USE_L10N to True.
See also DATE_FORMAT and DATETIME_FORMAT.
Default: ('%H:%M:%S', '%H:%M')
A tuple of formats that will be accepted when inputting data on a time field. Formats will be tried in order, using the first valid one. Note that these format strings use Python’s datetime module syntax, not the format strings from the date Django template tag.
When USE_L10N is True, the locale-dictated format has higher precedence and will be applied instead.
See also DATE_INPUT_FORMATS and DATETIME_INPUT_FORMATS.
Default: 'America/Chicago'
None was added as an allowed value.
USE_TZ.
A string representing the time zone for this installation, or None. See available choices. (Note that the list of available choices lists more than one on the same line; you’ll want to use just one of the choices for a given time zone. For instance, one line says 'Europe/London GB GB-Eire', but you should use the first bit of that – 'Europe/London' – as your TIME_ZONE setting.)
Note that this isn’t necessarily the time zone of the server. For example, one server may serve multiple Django-powered sites, each with a separate time zone setting.
When USE_TZ is False, this is the time zone in which Django will store all datetimes. When USE_TZ is True, this is the default time zone that Django will use to display datetimes in templates and to interpret datetimes entered in forms.
Django sets the os.environ['TZ'] variable to the time zone you specify in the TIME_ZONE setting. Thus, all your views and models will automatically operate in this time zone. However, Django won’t set the TZ environment variable under the following conditions:
TIME_ZONE = None. This will cause Django to fall back to using the system time zone.
If Django doesn’t set the TZ environment variable, it’s up to you to ensure your processes are running in the correct environment.
Note
Django cannot reliably use alternate time zones in a Windows environment. If you’re running Django on Windows, TIME_ZONE must be set to match the system time zone.
Default: Django/<version> (https://www.djangoproject.com/)
The string to use as the User-Agent header when checking to see if URLs exist (see the verify_exists option on URLField). This setting was deprecated in 1.3.1 along with verify_exists and will be removed in 1.4.
Default: False
A boolean that specifies whether to output the “Etag” header. This saves bandwidth but slows down performance. This is used by the CommonMiddleware (see Middleware) and in the Cache Framework (see Django’s cache framework).
Default: True
A boolean that specifies whether Django’s translation system should be enabled. This provides an easy way to turn it off, for performance. If this is set to False, Django will make some optimizations so as not to load the translation machinery.
See also LANGUAGE_CODE, USE_L10N and USE_TZ.
Default: False
A boolean that specifies if localized formatting of data will be enabled by default or not. If this is set to True, Django will, for example, display numbers and dates using the format of the current locale.
See also LANGUAGE_CODE, USE_I18N and USE_TZ.
Note
The default settings.py file created by django-admin.py startproject includes USE_L10N = True for convenience.
Default: False
A boolean that specifies whether to display numbers using a thousand separator. When USE_L10N is set to True and if this is also set to True, Django will use the values of THOUSAND_SEPARATOR and NUMBER_GROUPING to format numbers.
See also DECIMAL_SEPARATOR, NUMBER_GROUPING and THOUSAND_SEPARATOR.
Default: False
A boolean that specifies if datetimes will be timezone-aware by default or not. If this is set to True, Django will use timezone-aware datetimes internally. Otherwise, Django will use naive datetimes in local time.
See also TIME_ZONE, USE_I18N and USE_L10N.
Note
The default settings.py file created by django-admin.py startproject includes USE_TZ = True for convenience.
Default: False
A boolean that specifies whether to use the X-Forwarded-Host header in preference to the Host header. This should only be enabled if a proxy which sets this header is in use.
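Why the proxy condition matters, as an added example: this is a simplified model of host selection, not Django's own code, and the host names and the via_proxy helper are constructed for illustration. With the setting on and no proxy overwriting the header, whatever the client sends in X-Forwarded-Host becomes the host the application believes it is serving.

```python
# Added example: a simplified model of host selection, not Django's own code.
# All host names and the proxy helper are constructed for illustration.

def effective_host(meta, use_x_forwarded_host):
    """Return the host the application will treat as its own for this request."""
    if use_x_forwarded_host and "HTTP_X_FORWARDED_HOST" in meta:
        return meta["HTTP_X_FORWARDED_HOST"]
    return meta["HTTP_HOST"]


def via_proxy(client_meta, public_host, backend_host):
    """Hypothetical reverse proxy: overwrites X-Forwarded-Host with its own
    public name and rewrites Host to the backend address."""
    meta = dict(client_meta)
    meta["HTTP_X_FORWARDED_HOST"] = public_host  # client-supplied value is discarded
    meta["HTTP_HOST"] = backend_host
    return meta


def scenarios():
    # Constructed request: the client sets X-Forwarded-Host itself.
    client = {"HTTP_HOST": "www.example.com",
              "HTTP_X_FORWARDED_HOST": "untrusted.example"}
    proxied = via_proxy(client, "www.example.com", "backend.internal:8000")
    return {
        # Proxy in place, setting on: the public name is recovered.
        "proxy_on": effective_host(proxied, True),
        # Proxy in place, setting off: the app sees only the backend address.
        "proxy_off": effective_host(proxied, False),
        # No proxy, setting on: the client-controlled header is believed.
        "direct_on": effective_host(client, True),
        # No proxy, setting off (the default): the header is ignored.
        "direct_off": effective_host(client, False),
    }


if __name__ == "__main__":
    for name, host in scenarios().items():
        print("%-10s -> %s" % (name, host))
```

Only the proxy_on case justifies enabling the setting; direct_on is the deployment that the condition above rules out.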
Default: None
The full Python path of the WSGI application object that Django’s built-in servers (e.g. runserver) will use. The django-admin.py startproject management command will create a simple wsgi.py file with an application callable in it, and point this setting to that application.
If not set, the return value of django.core.wsgi.get_wsgi_application() will be used. In this case, the behavior of runserver will be identical to previous Django versions.
Default: 'F Y'
The default formatting to use for date fields on Django admin change-list pages – and, possibly, by other parts of the system – in cases when only the year and month are displayed.
For example, when a Django admin change-list page is being filtered by a date drilldown, the header for a given month displays the month and the year. Different locales have different formats. For example, U.S. English would say “January 2006,” whereas another locale might say “2006/January.”
See allowed date format strings. See also DATE_FORMAT, DATETIME_FORMAT, TIME_FORMAT and MONTH_DAY_FORMAT.
Default: 'SAMEORIGIN'
The default value for the X-Frame-Options header used by XFrameOptionsMiddleware. See the clickjacking protection documentation.
Deprecated since version 1.4: This setting has been obsoleted by the django.contrib.staticfiles app integration. See the Django 1.4 release notes for more information.
Deprecated since version 1.4: This setting has been superseded by IGNORABLE_404_URLS.
Deprecated since version 1.4: This setting has been superseded by IGNORABLE_404_URLS.
Jul 07, 2017