7 commits

Author	SHA1	Message	Date
Markus Heiser	6cccb46f2b	[fix] replace X-Scheme by X-Forwarded-Proto header (#5107) ... The HTTP X-Forwarded-Proto (XFP) request header is a *de-facto* standard header for identifying the protocol (HTTP or HTTPS) that a client used to connect to a proxy or load balancer.[1] The ``X-Scheme`` header was added 10 years ago, why ``X-Scheme`` was used back then and not ``X-Forwarded-Proto``, nobody knows today / possibly because ``X-Forwarded-Proto`` wasn't a *de-facto* standard back then. [1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Forwarded-Proto [2] 6ef7c3276	2025-08-10 13:05:40 +02:00
Markus Heiser	a0dd416e8a	[fix] use X-Forwarded-Proto header if the URL scheme is unknown (#5106) ... The HTTP X-Forwarded-Proto (XFP) request header is a de-facto standard header for identifying the protocol (HTTP or HTTPS) that a client used to connect to a proxy or load balancer.[1] In our documentation[2] we recommend to set the `X-Scheme` header. This header is not required if the `server.base_url` is set correctly.[3] If none of these URL scheme details exist, then the header X-Forwarded-Proto is evaluated as a third alternative. [1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Forwarded-Proto [2] https://docs.searxng.org/admin/installation-apache.html#apache-s-searxng-site [3] https://docs.searxng.org/admin/settings/settings_server.html Closes: https://github.com/searxng/searxng/issues/5105	2025-08-10 11:08:57 +02:00
Ivan Gabaldon	ce8929cabe	[mod] limiter: trusted proxies (#4911) ... Replaces `x_for` functionality with `trusted_proxies`. This allows defining which IP / ranges to trust extracting the client IP address from X-Forwarded-For and X-Real-IP headers. We don't know if the proxy chain will give us the proper client address (REMOTE_ADDR in the WSGI environment), so we rely on reading the headers of the proxy before SearXNG (if there is one, in that case it must be added to trusted_proxies) hoping it has done the proper checks. In case a proxy in the chain does not check the client address correctly, integrity is compromised and this should be fixed by whoever manages the proxy, not us. Closes: - https://github.com/searxng/searxng/issues/4940 - https://github.com/searxng/searxng/issues/4939 - https://github.com/searxng/searxng/issues/4907 - https://github.com/searxng/searxng/issues/3632 - https://github.com/searxng/searxng/issues/3191 - https://github.com/searxng/searxng/issues/1237 Related: - https://github.com/searxng/searxng-docker/issues/386 - https://github.com/inetol-infrastructure/searxng-container/issues/81	2025-08-09 23:03:30 +02:00
Markus Heiser	542f7d0d7b	[mod] pylint all files with one profile / drop PYLINT_SEARXNG_DISABLE_OPTION ... In the past, some files were tested with the standard profile, others with a profile in which most of the messages were switched off ... some files were not checked at all. - ``PYLINT_SEARXNG_DISABLE_OPTION`` has been abolished - the distinction ``# lint: pylint`` is no longer necessary - the pylint tasks have been reduced from three to two 1. ./searx/engines -> lint engines with additional builtins 2. ./searx ./searxng_extra ./tests -> lint all other python files Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>	2024-03-11 14:55:38 +01:00
Markus Heiser	3d96a9839a	[format.python] initial formatting of the python code ... This patch was generated by black [1]:: make format.python [1] https://github.com/psf/black Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>	2021-12-27 09:26:22 +01:00
Markus Heiser	2a3b9a2e26	[pylint] searx: drop no longer needed 'missing-function-docstring' ... Suggested-by: @dalf https://github.com/searxng/searxng/issues/102#issuecomment-914168470 Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>	2021-09-07 13:34:35 +02:00
Alexandre Flament	eeb0998787	[mod] refactor: move Flask proxy fix to searx.flaskfix module	2021-06-08 15:54:11 +02:00