From 063260d090d175f010f42270664d476bb8039801 Mon Sep 17 00:00:00 2001 From: Adam Tauber Date: Wed, 4 Nov 2020 17:32:51 +0100 Subject: [PATCH] [enh] add default http headers - closes #715 --- searx/settings.yml | 6 ++++++ searx/webapp.py | 10 ++++++++++ 2 files changed, 16 insertions(+) diff --git a/searx/settings.yml b/searx/settings.yml index 54352bbf..5cab0a10 100644 --- a/searx/settings.yml +++ b/searx/settings.yml @@ -17,6 +17,12 @@ server: image_proxy : False # Proxying image results through searx http_protocol_version : "1.0" # 1.0 and 1.1 are supported method: "POST" # POST queries are more secure as they don't show up in history but may cause problems when using Firefox containers + default_http_headers: + X-Content-Type-Options : nosniff + X-XSS-Protection : 1; mode=block + X-Download-Options : noopen + X-Robots-Tag : noindex, nofollow + Referrer-Policy : no-referrer ui: static_path : "" # Custom static path - leave it blank if you didn't change diff --git a/searx/webapp.py b/searx/webapp.py index 46d547d5..d68ae349 100755 --- a/searx/webapp.py +++ b/searx/webapp.py @@ -487,6 +487,16 @@ def pre_request(): request.user_plugins.append(plugin) +@app.after_request +def add_default_headers(response): + # set default http headers + for header, value in settings['server'].get('default_http_headers', {}).items(): + if header in response.headers: + continue + response.headers[header] = value + return response + + @app.after_request def post_request(response): total_time = time() - request.start_time
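Review bot: The default `X-XSS-Protection : 1; mode=block` in the new `default_http_headers` block turns on the legacy browser XSS auditor, which current browsers no longer implement and which, where it still exists, has been a source of side-channel and filtering bugs of its own. I would ship `X-XSS-Protection : 0` or leave the header out of the defaults. The control that replaces it is a Content-Security-Policy, which this list does not include; whether a strict policy is compatible with searx's templates is not visible from this hunk. The block also deserves a comment such as `# sent on every response unless the view already set the same header`, and quoting the values (`"1; mode=block"`, `"noindex, nofollow"`) would keep them unambiguous as YAML scalars.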
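Review bot: In `add_default_headers`, `settings['server'].get('default_http_headers', {})` only falls back to `{}` when the key is absent. If an operator leaves `default_http_headers:` in settings.yml with no entries under it, YAML yields `None` and `.items()` raises `AttributeError` in the after-request hook, so every response would fail. The loop header should be `for header, value in (settings['server'].get('default_http_headers') or {}).items():`. The `if header in response.headers: continue` check means a header set by a view always overrides the configured default, which is worth stating in a docstring, e.g. `"""Add the configured default headers, keeping any the response already carries."""`. Flask runs after-request functions in reverse registration order, so this hook should run after `post_request` and will not overwrite headers that function sets.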