mirror of
https://github.com/searxng/searxng.git
synced 2024-11-26 04:41:00 +00:00
ab8e5383fb
Deprecated header not used by browsers nowadays[1]: """In modern browsers, X-XSS-Protection has been deprecated in favor of the Content-Security-Policy to disable the use of inline JavaScript. Its use can introduce XSS vulnerabilities in otherwise safe websites. This should not be used unless you need to support older web browsers that don’t yet support CSP. It is thus recommended to set the header as X-XSS-Protection: 0."""[2] [1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection [2] https://infosec.mozilla.org/guidelines/web_security#x-xss-protection Closes: https://github.com/searxng/searxng/issues/3171 Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
1.7 KiB
1.7 KiB
server:
server:
base_url: http://example.org/location # change this!
port: 8888
bind_address: "127.0.0.1"
secret_key: "ultrasecretkey" # change this!
limiter: false
public_instance: false
image_proxy: false
default_http_headers:
X-Content-Type-Options : nosniff
X-Download-Options : noopen
X-Robots-Tag : noindex, nofollow
Referrer-Policy : no-referrer
base_url
:$SEARXNG_URL
The base URL where SearXNG is deployed. Used to create correct inbound links.
port
&bind_address
:$SEARXNG_PORT
&$SEARXNG_BIND_ADDRESS
Port number and bind address of the SearXNG web application if you run it directly using
python searx/webapp.py
. Doesn't apply to a SearXNG services running behind a proxy and using socket communications.secret_key
:$SEARXNG_SECRET
Used for cryptography purpose.
limiter
:Rate limit the number of request on the instance, block some bots. The
limiter
requires asettings redis
database.
public_instance
:
Setting that allows to enable features specifically for public instances (not needed for local usage). By set to
true
the following features are activated:
- :py
searx.botdetection.link_token
in thelimiter
image_proxy
:Allow your instance of SearXNG of being able to proxy images. Uses memory space.
default_http_headers
:Set additional HTTP headers, see #755