diff options
| author | Noémi Ványi <kvch@users.noreply.github.com> | 2020-11-08 17:05:16 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-11-08 17:05:16 +0100 |
| commit | aa6eaf603ff9b403dcc32adadbb1e75445f0348c (patch) | |
| tree | 938ca4d6524a4395b4b0a02ca913d42e4c2c961d | |
| parent | c03e4c86bc49d6ef4664c038066d9f1c16e7dafc (diff) | |
| parent | 063260d090d175f010f42270664d476bb8039801 (diff) | |
Merge pull request #2295 from searx/default-http-headers
[enh] add default http headers - closes #715
| -rw-r--r-- | searx/settings.yml | 6 | ||||
| -rwxr-xr-x | searx/webapp.py | 10 |
2 files changed, 16 insertions, 0 deletions
diff --git a/searx/settings.yml b/searx/settings.yml index 54352bbfc..5cab0a102 100644 --- a/searx/settings.yml +++ b/searx/settings.yml @@ -17,6 +17,12 @@ server: image_proxy : False # Proxying image results through searx http_protocol_version : "1.0" # 1.0 and 1.1 are supported method: "POST" # POST queries are more secure as they don't show up in history but may cause problems when using Firefox containers + default_http_headers: + X-Content-Type-Options : nosniff + X-XSS-Protection : 1; mode=block + X-Download-Options : noopen + X-Robots-Tag : noindex, nofollow + Referrer-Policy : no-referrer ui: static_path : "" # Custom static path - leave it blank if you didn't change diff --git a/searx/webapp.py b/searx/webapp.py index 46d547d52..d68ae349a 100755 --- a/searx/webapp.py +++ b/searx/webapp.py @@ -488,6 +488,16 @@ def pre_request(): @app.after_request +def add_default_headers(response): + # set default http headers + for header, value in settings['server'].get('default_http_headers', {}).items(): + if header in response.headers: + continue + response.headers[header] = value + return response + + +@app.after_request def post_request(response): total_time = time() - request.start_time timings_all = ['total;dur=' + str(round(total_time * 1000, 3))] |