Icycoide/searxng
1
0
Fork 1
mirror of https://github.com/searxng/searxng.git synced 2025-08-14 07:46:44 +02:00
Code Issues Projects Releases Packages Wiki Activity
8840 commits 5 branches 0 tags 143 MiB
Commit graph

6 commits

Author SHA1 Message Date
Markus Heiser
a0dd416e8a
[fix] use X-Forwarded-Proto header if the URL scheme is unknown (#5106) 
The HTTP X-Forwarded-Proto (XFP) request header is a de-facto standard header
for identifying the protocol (HTTP or HTTPS) that a client used to connect to a
proxy or load balancer.[1]

In our documentation[2] we recommend to set the `X-Scheme` header. This header
is not required if the `server.base_url` is set correctly.[3]

If none of these URL scheme details exist, then the header X-Forwarded-Proto is
evaluated as a third alternative.

[1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Forwarded-Proto
[2] https://docs.searxng.org/admin/installation-apache.html#apache-s-searxng-site
[3] https://docs.searxng.org/admin/settings/settings_server.html

Closes: https://github.com/searxng/searxng/issues/5105
 2025-08-10 11:08:57 +02:00
Ivan Gabaldon
ce8929cabe
[mod] limiter: trusted proxies (#4911) 
Replaces `x_for` functionality with `trusted_proxies`. This allows defining
which IP / ranges to trust extracting the client IP address from X-Forwarded-For
and X-Real-IP headers.

We don't know if the proxy chain will give us the proper client
address (REMOTE_ADDR in the WSGI environment), so we rely on reading the headers
of the proxy before SearXNG (if there is one, in that case it must be added to
trusted_proxies) hoping it has done the proper checks. In case a proxy in the
chain does not check the client address correctly, integrity is compromised and
this should be fixed by whoever manages the proxy, not us.

Closes:

- https://github.com/searxng/searxng/issues/4940
- https://github.com/searxng/searxng/issues/4939
- https://github.com/searxng/searxng/issues/4907
- https://github.com/searxng/searxng/issues/3632
- https://github.com/searxng/searxng/issues/3191
- https://github.com/searxng/searxng/issues/1237

Related:

- https://github.com/searxng/searxng-docker/issues/386
- https://github.com/inetol-infrastructure/searxng-container/issues/81
 2025-08-09 23:03:30 +02:00
Markus Heiser
542f7d0d7b [mod] pylint all files with one profile / drop PYLINT_SEARXNG_DISABLE_OPTION 
In the past, some files were tested with the standard profile, others with a
profile in which most of the messages were switched off ... some files were not
checked at all.

- ``PYLINT_SEARXNG_DISABLE_OPTION`` has been abolished
- the distinction ``# lint: pylint`` is no longer necessary
- the pylint tasks have been reduced from three to two

  1. ./searx/engines -> lint engines with additional builtins
  2. ./searx ./searxng_extra ./tests -> lint all other python files

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
 2024-03-11 14:55:38 +01:00
Markus Heiser
3d96a9839a [format.python] initial formatting of the python code 
This patch was generated by black [1]::

    make format.python

[1] https://github.com/psf/black

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
 2021-12-27 09:26:22 +01:00
Markus Heiser
2a3b9a2e26 [pylint] searx: drop no longer needed 'missing-function-docstring' 
Suggested-by: @dalf https://github.com/searxng/searxng/issues/102#issuecomment-914168470
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
 2021-09-07 13:34:35 +02:00
Alexandre Flament
eeb0998787 [mod] refactor: move Flask proxy fix to searx.flaskfix module 2021-06-08 15:54:11 +02:00