| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
|
|
Fix Nginx subdir URL install docs which allowed download of settings.yml
|
|
|
|
We explicitly specific the static directory here using alias to allow to
host from a other subdirectory than "searx" which just so happens to
match the source code directory.
|
|
Closes: #1617
There is an issue with the setup example in https://asciimoo.github.io/searx/dev/install/installation.html#installation for subdirectory URL deployments:
```nginx
root /usr/local/searx;
location = /searx { rewrite ^ /searx/; }
try_files $uri @searx;
}
location @searx {
uwsgi_param SCRIPT_NAME /searx;
include uwsgi_params;
uwsgi_modifier1 30;
uwsgi_pass unix:/run/uwsgi/app/searx/socket;
}
```
`try_files` causes Nginx to search for files in the server root first. If it matches a file, it is returned. Only if no file matched, the request is passed to uwsgi. The worst consequence I can think of is that `settings.yml` can be downloaded without authentication (where secrets and configuration details are stored).
To fix this, I propose:
```nginx
location = /searx {
rewrite ^ /searx/;
}
location /searx/static {
}
location /searx {
uwsgi_param SCRIPT_NAME /searx;
include uwsgi_params;
uwsgi_pass unix:/run/uwsgi/app/searx/socket;
}
```
And add
```
route-run = fixpathinfo:
```
to `/etc/uwsgi/apps-available/searx.ini` because `uwsgi_modifier1 30` is apparently deprecated. Ref: https://uwsgi-docs.readthedocs.io/en/latest/Changelog-2.0.11.html#fixpathinfo-routing-action
I assume this issue exists because some uwsgi upstream docs also use the `try_files` construct (at least I have seen this somewhere in the docs or somewhere else on the Internet but cannot find it right now again).
https://uwsgi-docs.readthedocs.io/en/latest/Nginx.html#hosting-multiple-apps-in-the-same-process-aka-managing-script-name-and-path-info also warns about this:
> If used incorrectly a configuration like this may cause security problems. For your sanity’s sake, double-triple-quadruple check that your application files, configuration files and any other sensitive files are outside of the root of the static files.
|
|
Move wiki entry https://github.com/asciimoo/searx/wiki/settings.yml
into admin section of the docs (#1785).
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
BTW: remove internal suspend_end_time
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
Fix engine spotify
As you can read here https://developer.spotify.com/documentation/web-api/#authentication all requests to the spotify api require authentication. You can not test the api without credentials.
|
|
|
|
doc: describe Makefile targets & add reST primer
|
|
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
- Literal blocks
- Unicode substitution
- Horizontal list
- Math equations
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
See issue #1785:
idea: in the doc, provide installation instructions with one tab per
distrubution
preview (don't bookmark):
https://return42.github.io/searx/dev/reST.html#tabbed-views
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
preview (don't bookmark):
https://return42.github.io/searx/dev/contribution_guide.html#code
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
|
|
preview (don't bookmark):
https://return42.github.io/searx/dev/contribution_guide.html#code
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
|
|
Update README.rst
for the future: please select meaningful commit messages. Here is a good summarize how a useful commit messages looks like: https://www.conventionalcommits.org/en/v1.0.0-beta.2/#summary
Further read: https://wiki.openstack.org/wiki/GitCommitMessages#Information_in_commit_messages
|
|
|
|
Fix not jumping to results loaded by infinite scroll
|
|
|
|
Fix broken Library Gensis Engine
|
|
|
|
|
|
[Fix] oscar: no HTML escaping prior to output
|
|
When results are fetched from any programming related documentation site
(like git-scm.com, docs.python.org etc), content in Info box is shown as
raw HTML code.
This change addresses the issue by using "safe" filter feature provided by
Django. See,
- https://docs.djangoproject.com/en/3.0/ref/templates/builtins/#safe
- Searx issue tracker (issue #1649), for more information.
Resolves: #1649
|
|
|
|
|
|
Infobox fixes
|
|
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
- Plugins configured at built time (defaults)
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
|
|
BTW: minor profread of reST.rst
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
Herein we add some hints and suggestions about typical architectures of
searx infrastructures. We start with a contribution from @dalf
- https://github.com/asciimoo/searx/pull/1776#issuecomment-567917320
thanks @dalf !!
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
Libgen has switched to new domain (i.e https://libgen.is) with TLS
support and older domain (i.e. http://libgen.io) is no longer
accessible. See, https://en.wikipedia.org/wiki/Library_Genesis, for more
information.
Resolves: #1693
|
|
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
|
|
This bug happens only in python3
because map returns an iterator.
|
|
They're usually IPA pronunciations which are removed
by the API.
|
|
|
|
When results are fetched from any programming related documentation site
(like git-scm.com, docs.python.org etc), content in Info box is shown as
raw HTML code.
This change addresses the issue by using "safe" filter feature provided by
Django. See,
- https://docs.djangoproject.com/en/3.0/ref/templates/builtins/#safe
- Searx issue tracker (issue #1649), for more information.
Resolves: #1649
|
|
In low width devices like mobile, tablet etc, info box is present at
bottom of the page.
This change addresses the issue by rearranging column grids for low
width devices and move side bar at top of the page. See
- https://getbootstrap.com/docs/3.3/css/#grid-column-ordering.
- and Searx issue tracker (issue#1777), for more information.
Effect: Along with Info, Suggestion and Link boxes also move to top of
the page.
Resolves: #1777
|
|
|
|
These tests are not able to detect engine errors if the upstream
site changes.
|
|
|
