Commit Graph

12 Commits

Author SHA1 Message Date
Markus Heiser ab8e5383fb [mod] remove X-XSS-Protection headers
Deprecated header not used by browsers nowadays[1]:

"""In modern browsers, X-XSS-Protection has been deprecated in favor of the
Content-Security-Policy to disable the use of inline JavaScript. Its use can
introduce XSS vulnerabilities in otherwise safe websites. This should not be
used unless you need to support older web browsers that don’t yet support CSP.
It is thus recommended to set the header as X-XSS-Protection: 0."""[2]

[1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
[2] https://infosec.mozilla.org/guidelines/web_security#x-xss-protection

Closes: https://github.com/searxng/searxng/issues/3171
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2024-01-31 17:23:41 +01:00
Markus Heiser 733b795d53 [fix] make flask_babel.gettext() work in engine modules (L10n & threads)
incident:
  flask_babel.gettext() does not work in the engine modules.

cause:
  the request() and response() functions of the engine modules run in the
  processor, whose search() method runs in a thread and in the threads the
  context of the Flask app does not exist. The context of the Flask app is
  needed by the gettext() function for the L10n.

Solution:
  copy context of the Flask app into the threads. [1]

special case:
  We cannot equip the search() method of the processors with the decorator [1],
  because the decorator requires a context (Flask app) that does not yet exist
  at the time of the initialization of the processors (the initialization of the
  processors is part of the initialization of the Flask app).

[1] https://flask.palletsprojects.com/en/2.3.x/api/#flask.copy_current_request_context

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2023-08-09 13:27:43 +02:00
Markus Heiser fdeece0aae [fix] changeover of the unit tests to the simple theme
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2022-02-20 18:51:12 +01:00
Markus Heiser e02b5469f0 [mod] use tests/unit/settings/test_settings.yml in unit tests
In unit tests settings from

    searx/settings.yml

and the user settings from:

    unit/settings/test_settings.yml

are used.  In the latter, settings can be activated that are needed in the unit
test but should not activated by default in production.

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2021-07-25 12:59:09 +02:00
Markus Heiser b86a3f6303 [yamllint] tests/unit/settings/user_settings_remove2.yml
Fixed messages reported by::

    make test.yamllint

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2021-06-05 17:41:24 +02:00
Markus Heiser 008760a8c2 [yamllint] tests/unit/settings/user_settings_remove.yml
Fixed messages reported by::

    make test.yamllint

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2021-06-05 17:41:24 +02:00
Markus Heiser 15da3f6591 [yamllint] tests/unit/settings/user_settings_simple.yml
Fixed messages reported by::

    make test.yamllint

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2021-06-05 17:41:24 +02:00
Markus Heiser 00b10bb443 [yamllint] tests/unit/settings/user_settings_keep_only.yml
Fixed messages reported by::

    make test.yamllint

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2021-06-05 17:41:24 +02:00
Markus Heiser c5d3f542d5 [yamllint] tests/unit/settings/user_settings.yml
Fixed messages reported by::

    make test.yamllint

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2021-06-05 17:41:24 +02:00
Markus Heiser 68213f6be4 [yamllint] tests/unit/settings/syntaxerror_settings.yml
Fixed messages reported by::

    make test.yamllint

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2021-06-05 17:41:24 +02:00
Alexandre Flament d0d7a3e1c2 [fix] settings_loader: don't crash when a key exists only in the user settings
typical use case: result_proxy can be defined in the user settings,
but are not defined the default settings.yml
2020-12-03 11:35:12 +01:00
Alexandre Flament b4b81a5e1a [enh] settings.yml: add use_default_settings option (2nd version) 2020-11-27 19:40:04 +01:00