[mod] limiter: add random token to the limiter URL

By adding a random component in the limiter URL a bot can no longer send a ping by request a static URL. Related: https://github.com/searxng/searxng/pull/2357#issuecomment-1518525094 Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2025-08-31 23:46:49 +02:00 · 2023-04-19 18:59:23 +02:00 · 2023-04-19 18:59:23 +02:00 · 5226044c13
commit 5226044c13
parent dba569462d
3 changed files with 30 additions and 5 deletions
--- a/searx/webapp.py
+++ b/searx/webapp.py
@ -416,6 +416,7 @@ def render(template_name: str, **kwargs):
    kwargs['endpoint'] = 'results' if 'q' in kwargs else request.endpoint
    kwargs['cookies'] = request.cookies
    kwargs['errors'] = request.errors
+    kwargs['limiter_token'] = limiter.get_token()

    # values from the preferences
    kwargs['preferences'] = request.preferences
@ -642,9 +643,10 @@ def health():
    return Response('OK', mimetype='text/plain')


-@app.route('/limiter.css', methods=['GET', 'POST'])
-def limiter_css():
-    limiter.ping()
+@app.route('/limiter<token>.css', methods=['GET', 'POST'])
+def limiter_css(token=None):
+    if limiter.token_is_valid(token):
+        limiter.ping()
    return Response('', mimetype='text/css')