1
0
mirror of https://github.com/searxng/searxng.git synced 2024-11-23 04:27:46 +01:00
Commit Graph

13 Commits

Author SHA1 Message Date
Markus Heiser
2039060b64 [mod] revision of the settings_loader
The intention of this PR is to modernize the settings_loader implementations.
The concept is old (remember, this is partly from 2014), back then we only had
one config file, meanwhile we have had a folder with config files for a very
long time.  Callers can now load a YAML configuration from this folder as
follows ::

    settings_loader.get_yaml_cfg('my-config.yml')

- BTW this is a fix of #3557.

- Further the `existing_filename_or_none` construct dates back to times when
  there was not yet a `pathlib.Path` in all Python versions we supported in the
  past.

- Typehints have been added wherever appropriate

At the same time, this patch should also be downward compatible and not
introduce a new environment variable. The localization of the folder with the
configurations is further based on:

    SEARXNG_SETTINGS_PATH (wich defaults to /etc/searxng/settings.yml)

Which means, the default config folder is `/etc/searxng/`.

ATTENTION: intended functional changes!

 If SEARXNG_SETTINGS_PATH was set and pointed to a not existing file, the
 previous implementation silently loaded the default configuration.  This
 behavior has been changed: if the file or folder does not exist, an
 EnvironmentError exception will be thrown in future.

Closes: https://github.com/searxng/searxng/issues/3557
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2024-07-14 18:10:06 +02:00
Markus Heiser
ab8e5383fb [mod] remove X-XSS-Protection headers
Deprecated header not used by browsers nowadays[1]:

"""In modern browsers, X-XSS-Protection has been deprecated in favor of the
Content-Security-Policy to disable the use of inline JavaScript. Its use can
introduce XSS vulnerabilities in otherwise safe websites. This should not be
used unless you need to support older web browsers that don’t yet support CSP.
It is thus recommended to set the header as X-XSS-Protection: 0."""[2]

[1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
[2] https://infosec.mozilla.org/guidelines/web_security#x-xss-protection

Closes: https://github.com/searxng/searxng/issues/3171
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2024-01-31 17:23:41 +01:00
Markus Heiser
733b795d53 [fix] make flask_babel.gettext() work in engine modules (L10n & threads)
incident:
  flask_babel.gettext() does not work in the engine modules.

cause:
  the request() and response() functions of the engine modules run in the
  processor, whose search() method runs in a thread and in the threads the
  context of the Flask app does not exist. The context of the Flask app is
  needed by the gettext() function for the L10n.

Solution:
  copy context of the Flask app into the threads. [1]

special case:
  We cannot equip the search() method of the processors with the decorator [1],
  because the decorator requires a context (Flask app) that does not yet exist
  at the time of the initialization of the processors (the initialization of the
  processors is part of the initialization of the Flask app).

[1] https://flask.palletsprojects.com/en/2.3.x/api/#flask.copy_current_request_context

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2023-08-09 13:27:43 +02:00
Markus Heiser
fdeece0aae [fix] changeover of the unit tests to the simple theme
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2022-02-20 18:51:12 +01:00
Markus Heiser
e02b5469f0 [mod] use tests/unit/settings/test_settings.yml in unit tests
In unit tests settings from

    searx/settings.yml

and the user settings from:

    unit/settings/test_settings.yml

are used.  In the latter, settings can be activated that are needed in the unit
test but should not activated by default in production.

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2021-07-25 12:59:09 +02:00
Markus Heiser
b86a3f6303 [yamllint] tests/unit/settings/user_settings_remove2.yml
Fixed messages reported by::

    make test.yamllint

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2021-06-05 17:41:24 +02:00
Markus Heiser
008760a8c2 [yamllint] tests/unit/settings/user_settings_remove.yml
Fixed messages reported by::

    make test.yamllint

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2021-06-05 17:41:24 +02:00
Markus Heiser
15da3f6591 [yamllint] tests/unit/settings/user_settings_simple.yml
Fixed messages reported by::

    make test.yamllint

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2021-06-05 17:41:24 +02:00
Markus Heiser
00b10bb443 [yamllint] tests/unit/settings/user_settings_keep_only.yml
Fixed messages reported by::

    make test.yamllint

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2021-06-05 17:41:24 +02:00
Markus Heiser
c5d3f542d5 [yamllint] tests/unit/settings/user_settings.yml
Fixed messages reported by::

    make test.yamllint

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2021-06-05 17:41:24 +02:00
Markus Heiser
68213f6be4 [yamllint] tests/unit/settings/syntaxerror_settings.yml
Fixed messages reported by::

    make test.yamllint

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2021-06-05 17:41:24 +02:00
Alexandre Flament
d0d7a3e1c2 [fix] settings_loader: don't crash when a key exists only in the user settings
typical use case: result_proxy can be defined in the user settings,
but are not defined the default settings.yml
2020-12-03 11:35:12 +01:00
Alexandre Flament
b4b81a5e1a [enh] settings.yml: add use_default_settings option (2nd version) 2020-11-27 19:40:04 +01:00