mirror of
https://github.com/searxng/searxng.git
synced 2025-07-12 07:49:22 +02:00
[fix] sec-fetch-* headers cannot be verified for non-secure requests (#4962)
Some checks failed
Documentation / Release (push) Has been cancelled
Integration / Python 3.10 (push) Has been cancelled
Integration / Python 3.11 (push) Has been cancelled
Integration / Python 3.12 (push) Has been cancelled
Integration / Python 3.13 (push) Has been cancelled
Integration / Python 3.9 (push) Has been cancelled
Integration / Theme (push) Has been cancelled
Some checks failed
Documentation / Release (push) Has been cancelled
Integration / Python 3.10 (push) Has been cancelled
Integration / Python 3.11 (push) Has been cancelled
Integration / Python 3.12 (push) Has been cancelled
Integration / Python 3.13 (push) Has been cancelled
Integration / Python 3.9 (push) Has been cancelled
Integration / Theme (push) Has been cancelled
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
This commit is contained in:
Markus Heiser
GitHub
parent
60be0f453e
commit
39c50dc013
1 changed files with 6 additions and 0 deletions
|
|
@ -82,6 +82,12 @@ def filter_request(
|
||||||
cfg: config.Config,
|
cfg: config.Config,
|
||||||
) -> werkzeug.Response | None:
|
) -> werkzeug.Response | None:
|
||||||
|
|
||||||
|
if not request.is_secure:
|
||||||
|
logger.warning(
|
||||||
|
"Sec-Fetch cannot be verified for non-secure requests (HTTP headers are not set/sent by the client)."
|
||||||
|
)
|
||||||
|
return None
|
||||||
|
|
||||||
# Only check Sec-Fetch headers for supported browsers
|
# Only check Sec-Fetch headers for supported browsers
|
||||||
user_agent = request.headers.get('User-Agent', '')
|
user_agent = request.headers.get('User-Agent', '')
|
||||||
if is_browser_supported(user_agent):
|
if is_browser_supported(user_agent):
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue