Cutlery/searxng
1
0
Fork 0
mirror of https://github.com/searxng/searxng.git synced 2025-07-09 03:04:26 -04:00
Code Issues Packages Projects Releases Wiki Activity

[fix] sec-fetch-* headers cannot be verified for non-secure requests (#4962)

Browse Source 
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
This commit is contained in:
Markus Heiser 2025-06-30 13:31:45 +02:00 committed by GitHub
parent 60be0f453e
commit 39c50dc013
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
searx/botdetection/http_sec_fetch.py
View File

@ -82,6 +82,12 @@ def filter_request(
cfg: config.Config, cfg: config.Config,
) -> werkzeug.Response | None: ) -> werkzeug.Response | None:
if not request.is_secure:
logger.warning(
"Sec-Fetch cannot be verified for non-secure requests (HTTP headers are not set/sent by the client)."
)
return None
# Only check Sec-Fetch headers for supported browsers # Only check Sec-Fetch headers for supported browsers
user_agent = request.headers.get('User-Agent', '') user_agent = request.headers.get('User-Agent', '')
if is_browser_supported(user_agent): if is_browser_supported(user_agent):