forked from zaclys/searxng
6b59800dc6
The suggested configurations for nginx found in the documentation and templates lead to vulnerabilities allowing host spoofing [1] and path traversal [2], as reported by Gixy [3]. This commit fixes those issues. [1] https://github.com/yandex/gixy/blob/master/docs/en/plugins/hostspoofing.md [2] https://github.com/yandex/gixy/blob/master/docs/en/plugins/aliastraversal.md [3] https://github.com/yandex/gixy |
||
---|---|---|
.. | ||
_themes/searx | ||
admin | ||
blog | ||
build-templates | ||
dev | ||
static/img | ||
user | ||
utils | ||
conf.py | ||
index.rst |