diff --git a/README.md b/README.md index f8f7f5a..2320f04 100644 --- a/README.md +++ b/README.md @@ -164,7 +164,7 @@ See the [available environment variables](#environment-variables) for additional ### F) Manual -*Note: `Content-Security-Policy` headers are already sent by Whoogle -- you don't/shouldn't need to apply a CSP header yourself* +*Note: `Content-Security-Policy` headers can be sent by Whoogle if you set `WHOOGLE_CSP`.* Clone the repo and run the following commands to start the app in a local-only environment: @@ -330,6 +330,7 @@ There are a few optional environment variables available for customizing a Whoog | WHOOGLE_ALT_MD | The medium.com alternative to use when site alternatives are enabled in the config. | | WHOOGLE_AUTOCOMPLETE | Controls visibility of autocomplete/search suggestions. Default on -- use '0' to disable | | WHOOGLE_MINIMAL | Remove everything except basic result cards from all search queries. | +| WHOOGLE_CSP | Sets a default set of 'Content-Security-Policy' headers | ### Config Environment Variables These environment variables allow setting default config values, but can be overwritten manually by using the home page config menu. These allow a shortcut for destroying/rebuilding an instance to the same config state every time. 
@@ -496,23 +497,26 @@ A lot of the app currently piggybacks on Google's existing support for fetching ## Public Instances -*Note: Use public instances at your own discretion. Maintainers of Whoogle do not personally validate the integrity of these instances, and popular public instances are more likely to be rate-limited or blocked.* - +*Note: Use public instances at your own discretion. The maintainers of Whoogle are only responsible for https://whoogle.fossho.st, and do not personally validate the integrity of any other instances. Popular public instances are more likely to be rate-limited or blocked.* + | Website | Country | Language | Cloudflare | |-|-|-|-| +| [https://whoogle.fossho.st](https://whoogle.fossho.st) | 🇺🇸 US | Multi-choice | | | [https://search.albony.xyz](https://search.albony.xyz/) | 🇮🇳 IN | Multi-choice | | | [https://whoogle.sdf.org](https://whoogle.sdf.org) | 🇺🇸 US | Multi-choice | -| [https://whoogle.kavin.rocks](https://whoogle.kavin.rocks) | 🇮🇳 IN | Unknown | ✅ | | [https://search.garudalinux.org](https://search.garudalinux.org) | 🇩🇪 DE | Multi-choice | | | [https://whooglesearch.net](https://whooglesearch.net) | 🇩🇪 DE | Spanish | | -| [https://search.flawcra.cc](https://search.flawcra.cc) |🇩🇪 DE | Unknown | ✅ | | [https://search.exonip.de](https://search.exonip.de) | 🇳🇱 NL | Multi-choice | | -| [https://s.alefvanoon.xyz](https://s.alefvanoon.xyz) | 🇺🇸 US | English | ✅ | -| [https://search.flux.industries](https://search.flux.industries) | 🇩🇪 DE | German | ✅ | +| [https://s.alefvanoon.xyz](https://s.alefvanoon.xyz) | 🇺🇸 US | Multi-choice | ✅ | | [https://www.whooglesearch.ml](https://www.whooglesearch.ml) | 🇺🇸 US | English | | -| [http://whoogledq5f5wly5p4i2ohnvjwlihnlg4oajjum2oeddfwqdwupbuhqd.onion](http://whoogledq5f5wly5p4i2ohnvjwlihnlg4oajjum2oeddfwqdwupbuhqd.onion) | 🇮🇳 IN | Unknown | | -* A checkmark in the "Cloudflare" category here refers to the use of the reverse proxy, [Cloudflare](https://cloudflare). 
The checkmark will not be listed for a site which uses Cloudflare DNS but rather the proxying service which grants Cloudflare the ability to monitor traffic to the website. +* A checkmark in the "Cloudflare" category here refers to the use of the reverse proxy, [Cloudflare](https://cloudflare.com). The checkmark will not be listed for a site which uses Cloudflare DNS but rather the proxying service which grants Cloudflare the ability to monitor traffic to the website. + +#### Onion Instances + +| Website | Country | Language | +|-|-|-| +| [http://whoglqjdkgt2an4tdepberwqz3hk7tjo4kqgdnuj77rt7nshw2xqhqad.onion](http://whoglqjdkgt2an4tdepberwqz3hk7tjo4kqgdnuj77rt7nshw2xqhqad.onion) | 🇺🇸 US | Multi-choice ## Screenshots #### Desktop diff --git a/app/routes.py b/app/routes.py index 1790c0d..b949f65 100644 --- a/app/routes.py +++ b/app/routes.py @@ -145,9 +145,14 @@ def before_request_func(): @app.after_request def after_request_func(resp): - resp.headers['Content-Security-Policy'] = app.config['CSP'] - if os.environ.get('HTTPS_ONLY', False): - resp.headers['Content-Security-Policy'] += 'upgrade-insecure-requests' + resp.headers['X-Content-Type-Options'] = 'nosniff' + resp.headers['X-Frame-Options'] = 'DENY' + + if os.getenv('WHOOGLE_CSP', False): + resp.headers['Content-Security-Policy'] = app.config['CSP'] + if os.environ.get('HTTPS_ONLY', False): + resp.headers['Content-Security-Policy'] += \ + 'upgrade-insecure-requests' return resp diff --git a/app/static/css/logo.css b/app/static/css/logo.css index 6aebfa4..0dfe8bb 100644 --- a/app/static/css/logo.css +++ b/app/static/css/logo.css @@ -12,6 +12,7 @@ a { @media (max-width: 1000px) { svg { - margin-top: .7em; + margin-top: .3em; + height: 70%; } } diff --git a/app/static/css/main.css b/app/static/css/main.css index a4179be..e84133a 100644 --- a/app/static/css/main.css +++ b/app/static/css/main.css 
@@ -144,6 +144,7 @@ footer { .whoogle-svg { width: 80%; + height: initial; display: block; margin: auto; padding-bottom: 10px; diff --git a/app/templates/display.html b/app/templates/display.html index df896b3..3cd76b6 100644 --- a/app/templates/display.html +++ b/app/templates/display.html @@ -5,6 +5,7 @@ + diff --git a/app/templates/index.html b/app/templates/index.html index 079b440..785b5a5 100644 --- a/app/templates/index.html +++ b/app/templates/index.html @@ -21,6 +21,7 @@ + {% if config.theme %} {% if config.theme == 'system' %}
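Review bot: in the `after_request_func` hunk of app/routes.py, `if os.getenv('WHOOGLE_CSP', False):` is true for any non-empty string, so `WHOOGLE_CSP=0` or `WHOOGLE_CSP=false` still turns the header on, while the README table documents '0' as the way to disable `WHOOGLE_AUTOCOMPLETE`. Parse the value explicitly so the two variables behave the same way. The hunk also makes the policy opt-in where the removed lines sent it on every response, so an instance upgraded without setting the variable silently loses its `Content-Security-Policy`; either keep it on by default with an opt-out or state the change prominently. The `+= 'upgrade-insecure-requests'` concatenation adds no separator and depends on `app.config['CSP']` ending in `;`, which is not visible in this hunk. Minor style point: the same function now mixes `os.getenv` and `os.environ.get`.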
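Review bot: the new `WHOOGLE_CSP` row in the README environment variable table (hunk at -330) does not say that the header is no longer sent unless the variable is set, nor which values enable it; the description "Sets a default set of 'Content-Security-Policy' headers" reads as if a policy is always present. Suggest wording along the lines of "Off by default; set to enable the built-in `Content-Security-Policy` header". The same commit starts sending `X-Content-Type-Options: nosniff` and `X-Frame-Options: DENY` unconditionally from app/routes.py, and the README does not mention them, which matters for anyone who already sets those headers at a reverse proxy.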
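Review bot: in the Public Instances hunk of README.md, the single row added under "#### Onion Instances" ends at `| 🇺🇸 US | Multi-choice` with no closing `|`, unlike every row in the table above it; add the trailing pipe so the row is consistent with the rest. While this block is being edited, the unchanged `whoogle.sdf.org` row has three cells in a four-column table and could be given its empty Cloudflare cell.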