while PR #2357 [1] was being implemented the question came up:
would be better to change the PING resource from CSS to an image so that
some terminal based browser may still able to pass the test [1]
This patch implements a POC in where a <img src=token> tag is loaded instaed a
CSS.
To test this patch activate limiter and link_token method [3] and start a
developer instance::
make run
In your terminal browser open http://127.0.0.1:8888/search?q=foo
If the browser is suitable for the link_token method, it loads the image and the
following messages appear::
DEBUG searx.botdetection.limiter : OK 127.0.0.1/32: /clientft61aak7fzyu6o6v.svg ...
DEBUG searx.botdetection.link_token : token is valid --> True
DEBUG searx.botdetection.link_token : store ping_key for (client) network 127.0.0.1/32 (IP 127.0.0.1) -> SearXNG_limiter.ping[...]
Browsers that do not load images will be blocked: If you try by example::
lynx http://127.0.0.1:8888/search?q=foo
you will see a WARNING message like::
WARNING searx.botdetection.link_token : missing ping (IP: 127.0.0.1/32) / request: SearXNG_limiter.ping[...]
Modern terminal WEB browser do support `<img>` tag as well as CSS:
browsh http://127.0.0.1:8888/search?q=foo
----
[1] 80aaef6c95
[2] https://github.com/searxng/searxng/pull/2357#issuecomment-1574898834
[3] activate limiter and link_token method
```diff
diff --git a/searx/botdetection/limiter.toml b/searx/botdetection/limiter.toml
index 71a231e8f..7e1dba755 100644
--- a/searx/botdetection/limiter.toml
+++ b/searx/botdetection/limiter.toml
@@ -17,6 +17,6 @@ ipv6_prefix = 48
filter_link_local = false
# acrivate link_token method in the ip_limit method
-link_token = false
+link_token = true
diff --git a/searx/settings.yml b/searx/settings.yml
index a82a3432d..e7b983afc 100644
--- a/searx/settings.yml
+++ b/searx/settings.yml
@@ -73,7 +73,7 @@ server:
# public URL of the instance, to ensure correct inbound links. Is overwritten
# by ${SEARXNG_URL}.
base_url: false # "http://example.com/location"
- limiter: false # rate limit the number of request on the instance, block some bots
+ limiter: true # rate limit the number of request on the instance, block some bots
# If your instance owns a /etc/searxng/settings.yml file, then set the following
# values there.
```
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
All favicons implementations have been documented and moved to the Python
package:
searx.favicons
There is a configuration (based on Pydantic) for the favicons and all its
components:
searx.favicons.config
A solution for caching favicons has been implemented:
searx.favicon.cache
If the favicon is already in the cache, the returned URL is a data URL [1]
(something like `data:image/png;base64,...`). By generating a data url from
the FaviconCache, additional HTTP roundtripps via the favicon_proxy are saved:
favicons.proxy.favicon_url
The favicon proxy service now sets a HTTP header "Cache-Control: max-age=...":
favicons.proxy.favicon_proxy
The resolvers now also provide the mime type (data, mime):
searx.favicon.resolvers
[1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/Data_URLs
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
In its previous implementation, the macro ``checkbox_onoff_reversed`` always
created an ``aria-labelledby`` attribute, even if there was no descriptive tag
with the generated ID (used as the value of the ``aria-labelledby``).
Before this patch, the Nu-HTML-Checker [1] reported 255 issues of this type::
The aria-labelledby attribute must point to an element in the same document. (255)
[1] https://validator.w3.org/nu/
Signed-off-by: Markus <markus@venom.fritz.box>
The ``aria-labelledby`` [1] attribute identifies the element that labels the
element it is applied to. The templates ``infinite_scroll.html`` and
``search_on_category_select.html`` define a ``aria-labelledby`` at the <input>
tag but miss the id in the <div> with the description.
[1] https://developer.mozilla.org/en-US/docs/Web/Accessibility/ARIA/Attributes/aria-labelledby
Signed-off-by: Markus <markus@venom.fritz.box>
In my review of [1] I tried to reformat the template code of the language
menue whereby I have made two mistakes.
- default language was added twice
- in the 'Auto-detect' item a hard coded `[auto]` was implemented where the
`search_language` variable was needed.
[1] https://github.com/searxng/searxng/issues/3645
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
If the flag icon is first, it prevents easily searching the select list on the
keyboard. By moving the icon fully to the right, this will enable a user to
search the select list.
Closes: https://github.com/searxng/searxng/issues/3645
The use of img_src AND thumbnail in the default results makes no sense (only a
thumbnail is needed). In the current state this is rather confusing, because
img_src is displayed like a thumbnail (small) and thumbnail is displayed like an
image (large).
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
Previously only result urls were set to open in new tab by default, this should
make the behaviour consistent.
Also adds the missing rel="noreferrer" to the anchor tag. Although this should
not be needed as long as the `referrer-policy: no-referrer` header is set, it's
always nice to play safer than to have to say sorry. For example some reverse
proxy configurations might strip off unwhitelisted headers in which case it's
nice to have this set.
