Commit 6b57b051 authored by Nicolas Gelot's avatar Nicolas Gelot

Add CSP policy

Close: #44
parent 15c37643
......@@ -4,12 +4,13 @@ server {
listen 80;
server_name _;
add_header Content-Security-Policy "frame-ancestors 'self'";
add_header Referrer-Policy "no-referrer, strict-origin-when-cross-origin";
add_header Strict-Transport-Security "max-age=31536000";
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
add_header Content-Security-Policy "default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'self'; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self' https://overpass-api.de; img-src 'self' data: https://*.tile.openstreetmap.org; frame-src https://www.youtube-nocookie.com https://player.vimeo.com https://www.dailymotion.com https://www.deezer.com https://www.mixcloud.com https://w.soundcloud.com https://embed.spotify.com";
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
add_header X-Robots-Tag "noindex, noarchive, nofollow";
root /var/www/spot;
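Review bot: The new Content-Security-Policy line uses `add_header` without the `always` parameter, so nginx attaches it only to a fixed set of success and redirect status codes, and error responses such as 404 or 500 go out without the policy. Appending it, as in `add_header Content-Security-Policy "<policy as above>" always;`, closes that gap, and the same applies to the other security headers in this block. The rest of the `server` block is outside the hunk; if any `location` there declares its own `add_header`, none of these server-level headers are inherited in that location, which is worth checking. Separately, the widened HSTS value adds `includeSubDomains; preload` to a template with `listen 80` and `server_name _`: browsers ignore HSTS received over plain HTTP, and `preload` is a hard-to-reverse, domain-wide commitment that is better left for each operator to opt into than shipped as a default.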
......
......@@ -13,7 +13,7 @@ server:
bind_address : "0.0.0.0" # address to listen on
secret_key : "ultrasecretkey" # change this!
base_url : False # Set custom base_url. Possible values: False or "https://your.custom.host/location/"
image_proxy : False # Proxying image results through searx
image_proxy : True # Proxying image results through searx
http_protocol_version : "1.0" # 1.0 and 1.1 are supported
ui:
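Review bot: Turning `image_proxy` on by default happens two lines below the placeholder `secret_key : "ultrasecretkey"`, and the hunk does not show how the proxy endpoint authenticates the URLs it is asked to fetch. If that check is keyed on `secret_key` (to be confirmed against the proxy code, which is not in this diff), an instance that keeps the shipped value exposes a proxy whose URLs anyone can forge, so it would fetch arbitrary remote content on behalf of third parties. It would help to extend the comment, e.g. `image_proxy : True # Proxying image results through searx; requires a unique secret_key`, or to refuse to start with the default key while the proxy is enabled.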
......
......@@ -88,34 +88,37 @@ $(document).ready(function(){
});
}
});
;
function configure_image_view(target) {
document.getElementById("image_view_image").src = target.href;
document.getElementById("image_view_file_link").href = target.href;
document.getElementById("image_view_url_link").href = target.dataset.url;
}
function show_image_view_modal(event) {
event.preventDefault();
var target = event.target;
if (target.tagName == "IMG") {
target = target.parentElement;
;$(document).ready(function(){
function configure_image_view(target, view_url) {
document.getElementById("image_view_image").src = view_url;
document.getElementById("image_view_file_link").href = target.href;
document.getElementById("image_view_url_link").href = target.dataset.url;
}
var modal = document.getElementById("image_view_modal");
modal.classList.remove("hidden");
modal.style.top = window.scrollY + "px";
configure_image_view(target);
document.body.classList.add("lock");
}
$(".result.result-images").click(function (event) {
event.preventDefault();
var target = event.target;
var view_url = target.src;
if (target.tagName == "IMG") {
target = target.parentElement;
}
function close_image_view_modal() {
document.getElementById("image_view_modal").classList.add("hidden");
document.getElementById("image_view_image").src = "";
document.getElementById("image_view_file_link").href = "#";
document.getElementById("image_view_url_link").href = "#";
document.body.classList.remove("lock");
};/**
var modal = document.getElementById("image_view_modal");
modal.classList.remove("hidden");
modal.style.top = window.scrollY + "px";
configure_image_view(target, view_url);
document.body.classList.add("lock");
});
$("#close_image_view_modal").click(function () {
document.getElementById("image_view_modal").classList.add("hidden");
document.getElementById("image_view_image").src = "";
document.getElementById("image_view_file_link").href = "#";
document.getElementById("image_view_url_link").href = "#";
document.body.classList.remove("lock");
});
});
;/**
* searx is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
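Review bot: In the new click handler `view_url` is read from `event.target.src` before the element type is checked, and the handler is bound to the whole `.result.result-images` container rather than to the thumbnail link. A click that lands anywhere other than the `<img>` leaves `view_url`, `target.href` and `target.dataset.url` undefined, so the modal image and both links are set to the string "undefined", and `preventDefault()` has already swallowed the click. Resolving the link with `closest("a.img-thumb-link")` and taking the image from inside it avoids this. The same handler appears again in the later JavaScript section of this page (after the collapsed diff), and the file continues past the end of this hunk.

```javascript
$(".result.result-images").click(function (event) {
    var link = $(event.target).closest("a.img-thumb-link")[0];
    if (!link) {
        return; // click was outside the thumbnail link: keep default behaviour
    }
    event.preventDefault();
    var thumb = link.querySelector("img");
    // … unchanged: look up the modal, un-hide it, set modal.style.top …
    configure_image_view(link, thumb ? thumb.src : "");
    // … unchanged: document.body.classList.add("lock") …
});
```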
......
This diff is collapsed.
function configure_image_view(target) {
document.getElementById("image_view_image").src = target.href;
document.getElementById("image_view_file_link").href = target.href;
document.getElementById("image_view_url_link").href = target.dataset.url;
}
function show_image_view_modal(event) {
event.preventDefault();
var target = event.target;
if (target.tagName == "IMG") {
target = target.parentElement;
$(document).ready(function(){
function configure_image_view(target, view_url) {
document.getElementById("image_view_image").src = view_url;
document.getElementById("image_view_file_link").href = target.href;
document.getElementById("image_view_url_link").href = target.dataset.url;
}
var modal = document.getElementById("image_view_modal");
modal.classList.remove("hidden");
modal.style.top = window.scrollY + "px";
configure_image_view(target);
document.body.classList.add("lock");
}
$(".result.result-images").click(function (event) {
event.preventDefault();
var target = event.target;
var view_url = target.src;
if (target.tagName == "IMG") {
target = target.parentElement;
}
var modal = document.getElementById("image_view_modal");
modal.classList.remove("hidden");
modal.style.top = window.scrollY + "px";
configure_image_view(target, view_url);
document.body.classList.add("lock");
});
function close_image_view_modal() {
document.getElementById("image_view_modal").classList.add("hidden");
document.getElementById("image_view_image").src = "";
document.getElementById("image_view_file_link").href = "#";
document.getElementById("image_view_url_link").href = "#";
document.body.classList.remove("lock");
}
\ No newline at end of file
$("#close_image_view_modal").click(function () {
document.getElementById("image_view_modal").classList.add("hidden");
document.getElementById("image_view_image").src = "";
document.getElementById("image_view_file_link").href = "#";
document.getElementById("image_view_url_link").href = "#";
document.body.classList.remove("lock");
});
});
......@@ -66,7 +66,7 @@
<div id="image_view_modal" class="hidden">
<div class="card-container">
<div id="image_view_card">
<button onclick="close_image_view_modal()">{{ icon("close") }}</button>
<button id="close_image_view_modal">{{ icon("close") }}</button>
<img id="image_view_image" src="">
<div class="options">
<a id="image_view_file_link" class="btn" {% if results_on_new_tab %}target="_blank" rel="noopener noreferrer"{% else %}rel="noreferrer"{% endif %} href="#">{{_("view file")}}</a>
......
<a href="{{ result.img_src }}" {% if results_on_new_tab %}target="_blank" rel="noopener noreferrer"{% else %}rel="noreferrer"{% endif %} data-url="{{ result.url }}" onclick="show_image_view_modal(event)" class="img-thumb-link">
<a href="{{ result.img_src }}" {% if results_on_new_tab %}target="_blank" rel="noopener noreferrer"{% else %}rel="noreferrer"{% endif %} data-url="{{ result.url }}" id="show_image_view_modal" class="img-thumb-link">
<img src="{% if result.thumbnail_src %}{{ image_proxify(result.thumbnail_src) }}{% else %}{{ image_proxify(result.img_src) }}{% endif %}" alt="{{ result.title|striptags }}" title="{{ result.title|striptags }}" class="img-thumbnail">
<div class="hidden">{{ result.content }}</div>
</a>
\ No newline at end of file
</a>
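Review bot: The replacement for the inline `onclick` puts `id="show_image_view_modal"` on the thumbnail link, but this template looks like it is rendered once per image result, which would repeat the same id many times in one document. The JavaScript in this commit binds through the `.result.result-images` class and never looks the id up, so the attribute can simply be dropped, leaving `data-url="{{ result.url }}" class="img-thumb-link">`. If a dedicated hook is wanted later, the existing `img-thumb-link` class already serves that purpose.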