Commit graph

4 commits

Author SHA1 Message Date
Markus Heiser
ab8e5383fb [mod] remove X-XSS-Protection headers
Deprecated header not used by browsers nowadays[1]:

"""In modern browsers, X-XSS-Protection has been deprecated in favor of the
Content-Security-Policy to disable the use of inline JavaScript. Its use can
introduce XSS vulnerabilities in otherwise safe websites. This should not be
used unless you need to support older web browsers that don’t yet support CSP.
It is thus recommended to set the header as X-XSS-Protection: 0."""[2]

[1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
[2] https://infosec.mozilla.org/guidelines/web_security#x-xss-protection

Closes: https://github.com/searxng/searxng/issues/3171
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2024-01-31 17:23:41 +01:00
Markus Heiser
fdeece0aae [fix] changeover of the unit tests to the simple theme
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2022-02-20 18:51:12 +01:00
Markus Heiser
c5d3f542d5 [yamllint] tests/unit/settings/user_settings.yml
Fixed messages reported by::

    make test.yamllint

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2021-06-05 17:41:24 +02:00
Alexandre Flament
b4b81a5e1a [enh] settings.yml: add use_default_settings option (2nd version) 2020-11-27 19:40:04 +01:00