| Age | Commit message | Author |
|
Deprecated header not used by browsers nowadays[1]:
"""In modern browsers, X-XSS-Protection has been deprecated in favor of the
Content-Security-Policy to disable the use of inline JavaScript. Its use can
introduce XSS vulnerabilities in otherwise safe websites. This should not be
used unless you need to support older web browsers that don’t yet support CSP.
It is thus recommended to set the header as X-XSS-Protection: 0."""[2]
[1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
[2] https://infosec.mozilla.org/guidelines/web_security#x-xss-protection
Closes: https://github.com/searxng/searxng/issues/3171
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
incident:
flask_babel.gettext() does not work in the engine modules.
cause:
the request() and response() functions of the engine modules run in the
processor, whose search() method runs in a thread and in the threads the
context of the Flask app does not exist. The context of the Flask app is
needed by the gettext() function for the L10n.
Solution:
copy context of the Flask app into the threads. [1]
special case:
We cannot equip the search() method of the processors with the decorator [1],
because the decorator requires a context (Flask app) that does not yet exist
at the time of the initialization of the processors (the initialization of the
processors is part of the initialization of the Flask app).
[1] https://flask.palletsprojects.com/en/2.3.x/api/#flask.copy_current_request_context
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
In unit tests settings from
searx/settings.yml
and the user settings from:
unit/settings/test_settings.yml
are used. In the latter, settings can be activated that are needed in the unit
test but should not be activated by default in production.
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
Fixed messages reported by::
make test.yamllint
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
Fixed messages reported by::
make test.yamllint
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
Fixed messages reported by::
make test.yamllint
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
Fixed messages reported by::
make test.yamllint
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
Fixed messages reported by::
make test.yamllint
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
Fixed messages reported by::
make test.yamllint
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
typical use case: result_proxy can be defined in the user settings,
but is not defined in the default settings.yml
|
|
|