diff options
| author | Markus Heiser <markus.heiser@darmarIT.de> | 2025-06-30 13:31:45 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-06-30 13:31:45 +0200 |
| commit | 39c50dc013944a0a27b4354c23f406956ac45971 (patch) | |
| tree | 9f4af144887be820d8d9e567f2048047848933c0 /searx/botdetection/http_sec_fetch.py | |
| parent | 60be0f453e9e4a5fc48aeb4706e75af0a4047b36 (diff) | |
[fix] sec-fetch-* headers cannot be verified for non-secure requests (#4962)
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
Diffstat (limited to 'searx/botdetection/http_sec_fetch.py')
| -rw-r--r-- | searx/botdetection/http_sec_fetch.py | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/searx/botdetection/http_sec_fetch.py b/searx/botdetection/http_sec_fetch.py index 5f16d1d9b..f64ee4b2c 100644 --- a/searx/botdetection/http_sec_fetch.py +++ b/searx/botdetection/http_sec_fetch.py @@ -82,6 +82,12 @@ def filter_request( cfg: config.Config, ) -> werkzeug.Response | None: + if not request.is_secure: + logger.warning( + "Sec-Fetch cannot be verified for non-secure requests (HTTP headers are not set/sent by the client)." + ) + return None + # Only check Sec-Fetch headers for supported browsers user_agent = request.headers.get('User-Agent', '') if is_browser_supported(user_agent): |