zaclys/searxng
1
0
Fork 1
mirror of https://github.com/searxng/searxng synced 2024-01-01 19:24:07 +01:00
Code Issues Projects Releases Packages Wiki Activity
searxng/docs/admin/settings/settings_server.rst
Markus Heiser ca85d20204 [mod] set HTTP GET method by default 
HTTP GET vs POST
================

Already diskussed in "Method POST harms UX without providing a tangible privacy
benefit" [1].  At that time we agreed to POST.  However, as we are having more
and more drawbacks with POST, I suggest that we reconsider our previous
decision. The latest cause was [2], but we also have other problems that
negatively affect the UI [1]:

* Open Link in New Tab: does not work for our search result tabs because they
  aren't actual links.

* Bookmarking: a search becomes more difficult with POST. You cannot just press
  a browser keyboard shortcut `Ctrl+D` ... no you have to copy the Search URL from
  the sidebar. This can pose a real struggle for less technically-minded users.

* Sharing: a search with somebody else becomes more difficult with POST (for
  the same reason).

Lock HTTP method in the preferences
===================================

If the user changes the HTTP method in his settings, e.g. from GET to POST, but
has not removed the SearXNG instance from the WEB browser and added it again,
the WEB browser will continue to work with the old setting (GET), while entries
in the HTML form use the newly set method (POST). Not realted to this commit,
but this complication is also known from autocomplete[3].

Only very few maintainers are aware of this fact and probably none of the users
know about it.  We should provide a setup in our defaults that is manageable in
its entirety and comprehensible for the user.  For this reason, the option to
select the HTTP method in the preferences is also disabled in this commit.

[1] https://github.com/searxng/searxng/issues/711
[2] https://github.com/searxng/searxng/issues/3590
[3] https://github.com/searxng/searxng/pull/2333#issuecomment-1565392120

Closes: https://github.com/searxng/searxng/issues/3590
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2024-06-28 15:14:33 +02:00

2.2 KiB
Raw Blame History

server:

server:
    base_url: http://example.org/location  # change this!
    port: 8888
    bind_address: "127.0.0.1"
    secret_key: "ultrasecretkey"           # change this!
    limiter: false
    public_instance: false
    image_proxy: false
    method: "GET"
    default_http_headers:
      X-Content-Type-Options : nosniff
      X-Download-Options : noopen
      X-Robots-Tag : noindex, nofollow
      Referrer-Policy : no-referrer
base_url : $SEARXNG_URL

The base URL where SearXNG is deployed. Used to create correct inbound links.

port & bind_address: $SEARXNG_PORT & $SEARXNG_BIND_ADDRESS

Port number and bind address of the SearXNG web application if you run it directly using python searx/webapp.py. Doesn't apply to a SearXNG services running behind a proxy and using socket communications.

secret_key : $SEARXNG_SECRET

Used for cryptography purpose.

limiter : $SEARXNG_LIMITER

Rate limit the number of request on the instance, block some bots. The limiter requires a settings redis database.

public_instance : $SEARXNG_PUBLIC_INSTANCE

Setting that allows to enable features specifically for public instances (not needed for local usage). By set to true the following features are activated:

  • :pysearx.botdetection.link_token in the limiter
image_proxy : $SEARXNG_IMAGE_PROXY

Allow your instance of SearXNG of being able to proxy images. Uses memory space.

method : GET | POST

HTTP method. By defaults GET is used / The POST method has the advantage with some WEB browsers that the history is not easy to read, but there are also various disadvantages that sometimes severely restrict the ease of use for the user (e.g. back button to jump back to the previous search page and drag & drop of search term to new tabs do not work as expected).

default_http_headers :

Set additional HTTP headers, see #755