| Age | Commit message (Collapse) | Author |
|---|
|
|
|
The intention of this PR is to modernize the settings_loader implementations.
The concept is old (remember, this is partly from 2014), back then we only had
one config file, meanwhile we have had a folder with config files for a very
long time. Callers can now load a YAML configuration from this folder as
follows ::
settings_loader.get_yaml_cfg('my-config.yml')
- BTW this is a fix of #3557.
- Further the `existing_filename_or_none` construct dates back to times when
there was not yet a `pathlib.Path` in all Python versions we supported in the
past.
- Typehints have been added wherever appropriate
At the same time, this patch should also be downward compatible and not
introduce a new environment variable. The localization of the folder with the
configurations is further based on:
SEARXNG_SETTINGS_PATH (wich defaults to /etc/searxng/settings.yml)
Which means, the default config folder is `/etc/searxng/`.
ATTENTION: intended functional changes!
If SEARXNG_SETTINGS_PATH was set and pointed to a not existing file, the
previous implementation silently loaded the default configuration. This
behavior has been changed: if the file or folder does not exist, an
EnvironmentError exception will be thrown in future.
Closes: https://github.com/searxng/searxng/issues/3557
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
Deprecated header not used by browsers nowadays[1]:
"""In modern browsers, X-XSS-Protection has been deprecated in favor of the
Content-Security-Policy to disable the use of inline JavaScript. Its use can
introduce XSS vulnerabilities in otherwise safe websites. This should not be
used unless you need to support older web browsers that don’t yet support CSP.
It is thus recommended to set the header as X-XSS-Protection: 0."""[2]
[1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
[2] https://infosec.mozilla.org/guidelines/web_security#x-xss-protection
Closes: https://github.com/searxng/searxng/issues/3171
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
incident:
flask_babel.gettext() does not work in the engine modules.
cause:
the request() and response() functions of the engine modules run in the
processor, whose search() method runs in a thread and in the threads the
context of the Flask app does not exist. The context of the Flask app is
needed by the gettext() function for the L10n.
Solution:
copy context of the Flask app into the threads. [1]
special case:
We cannot equip the search() method of the processors with the decorator [1],
because the decorator requires a context (Flask app) that does not yet exist
at the time of the initialization of the processors (the initialization of the
processors is part of the initialization of the Flask app).
[1] https://flask.palletsprojects.com/en/2.3.x/api/#flask.copy_current_request_context
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
In unit tests settings from
searx/settings.yml
and the user settings from:
unit/settings/test_settings.yml
are used. In the latter, settings can be activated that are needed in the unit
test but should not activated by default in production.
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
Fixed messages reported by::
make test.yamllint
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
Fixed messages reported by::
make test.yamllint
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
Fixed messages reported by::
make test.yamllint
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
Fixed messages reported by::
make test.yamllint
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
Fixed messages reported by::
make test.yamllint
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
Fixed messages reported by::
make test.yamllint
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
|
|
typical use case: result_proxy can be defined in the user settings,
but are not defined the default settings.yml
|
|
|
