YunoHost-Apps / searx_ynh

Searx package for YunoHost
https://searx.github.io/searx/
GNU General Public License v3.0

Impossible to add SearX as search engine if the app is private #40

Closed supermamie closed 2 years ago

supermamie commented 6 years ago

I just installed SearX on my server, telling YunoHost to put it behind the SSO. I then tried to add this search engine in Firefox and got an error. I managed to bypass this by adding search.myserver.fr/opensearch.xml in the skipped_urls of /etc/ssowat/conf.json.

This could be done at installation time.

anmol26s commented 5 years ago

This is not related to an error in packaging. This is the default behavior of any app which is behind SSO. You can tweak the apps as you described, but these are hard to implement during installation because there are many more user customizations of this kind that would be possible, and making an option for each one at installation time would not be possible.

supermamie commented 5 years ago

I thought this was an issue as this kind of behavior is done for example in FreshRSS where API endpoints are always public even if the instance itself is behind the SSO. Same thing for Lutim where the interface is protected, but links for the images are public.

anmol26s commented 5 years ago

If you log in to the SSO and even then you are not able to add Searx to the Firefox search panel then this can be an issue. I have not tried Searx behind SSO in my case so I really don't have any idea if this would compromise Searx being behind SSO. Maybe other core app developers have their point of view here.

supermamie commented 5 years ago

Yes, I was logged in to the SSO and was able to do some searches. It seems that the call to the xml is done in another sandbox, or something like this.

The only problem I see with making this URL public is that a web crawler trying /opensearch.xml on all domains can find that there is a SearX instance there (but cannot do searches on it).

maniackcrudelis commented 5 years ago

The thing is, if your searx is private but /opensearch.xml isn't for your Firefox, what will prevent me or anyone else from using that same address in his Firefox? Which means that your searx will no longer be fully private. So, it could be an option, but not the default behavior.

I don't know how FreshRSS is working, but usually an API is using a key or something like that to restrict the access. There's no such thing for searx.

So, this possibility could be added later with the config-panel feature.

supermamie commented 5 years ago

opensearch.xml is not the URL used for searches, it is just the descriptor of the search engine.

Depending on how you configured your parameters in your cookies in searx, it will contain either

<Url type="text/html" method="get" template="https://search.myserver.fr/search?q={searchTerms}"/>

or

<Url type="text/html" method="post" template="https://search.myserver.fr/"><Param name="q" value="{searchTerms}"/></Url>

(plus the description of the search engine, url to favicon, and autocomplete)

So the search engine is not public even if the descriptor is.

And for FreshRSS, that's true, the API requires a key.

For Lutim (image sharing), the images are public, but the interface to upload them is private.

If you want I can send you the full url of my SearX instance for tests.
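Added example (not part of the thread or of the searx_ynh package): a Python check of the claim above, that publishing only the descriptor leaves the endpoints it names behind the SSO. The sample conf.json fragment and the descriptor are constructed, the autocompleter URL is an assumed example, and matching skipped_urls entries as prefixes of host plus path is an assumption about SSOwat's behavior.

```python
import json
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample of the relevant part of /etc/ssowat/conf.json.
SSOWAT_CONF = json.loads("""
{"skipped_urls": ["search.myserver.fr/opensearch.xml"]}
""")

# Constructed descriptor built around the <Url> element quoted in the thread;
# the suggestions URL is an assumed example of the autocomplete entry.
DESCRIPTOR = """
<OpenSearchDescription xmlns="http://a9.com/-/spec/opensearch/1.1/">
  <ShortName>searx</ShortName>
  <Url type="text/html" method="get"
       template="https://search.myserver.fr/search?q={searchTerms}"/>
  <Url type="application/x-suggestions+json" method="get"
       template="https://search.myserver.fr/autocompleter?q={searchTerms}"/>
</OpenSearchDescription>
"""
NS = {"os": "http://a9.com/-/spec/opensearch/1.1/"}


def template_targets(descriptor_xml):
    """Return host + path for every <Url template="..."> in the descriptor."""
    root = ET.fromstring(descriptor_xml.strip())
    targets = []
    for url in root.findall("os:Url", NS):
        parts = urlsplit(url.get("template", ""))
        targets.append(parts.netloc + (parts.path or "/"))
    return targets


def is_skipped(host_path, skipped_urls):
    # Assumption: an entry matches when it is a prefix of host + path.
    return any(host_path.startswith(entry) for entry in skipped_urls)


def audit(descriptor_xml, conf, descriptor_host_path):
    """Report whether the descriptor is public and which endpoints it names are too."""
    skipped = conf.get("skipped_urls", [])
    exposed = [t for t in template_targets(descriptor_xml) if is_skipped(t, skipped)]
    return {"descriptor_public": is_skipped(descriptor_host_path, skipped),
            "exposed_search_endpoints": exposed}


if __name__ == "__main__":
    print(audit(DESCRIPTOR, SSOWAT_CONF, "search.myserver.fr/opensearch.xml"))
```

A non-empty exposed_search_endpoints list means a skipped_urls entry is broad enough to take the search or autocomplete endpoint out of the SSO as well.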

djibux commented 5 years ago

> I managed to bypass this by adding search.myserver.fr/opensearch.xml in the skipped_urls of /etc/ssowat/conf.json
>
> This could be done at installation time.

I second that. Thanks for pointing out a solution.

djibux commented 5 years ago

I am guessing adding a line like that in the install script would do the trick

ynh_app_setting_set searx skipped_uris "/opensearch.xml"

The following, in a terminal, does work:

sudo yunohost app setting searx skipped_uris -v "/opensearch.xml"
sudo yunohost app ssowatconf

Thatoo commented 4 years ago

Has it been done? Can we close this issue then?

djibux commented 4 years ago

Well it still needs to be done manually. I didn't try to update the install script.

El-Gavy commented 3 years ago

Just leaving a message because I have the same need :)

yalh76 commented 2 years ago

tested with 1.0.0~ynh5 and working