[Freedombox-discuss] Forbidden (403) when contacting searx since changed FreedomBox release.

[A. F. Cano]

Hello,

Some weeks ago I started using a brand new FreedomBox image (stable)
since the previous one had developed many serious problems.  I managed
to install a subset of the apps I had and it's working well.  However,
I'm getting

Forbidden (403)

CSRF verification failed. Request aborted.

You are seeing this message because this HTTPS site requires a 'Referer header' to be sent by your Web browser, but none was sent. This header is required for security reasons, to ensure that your browser is not being hijacked by third parties.

If you have configured your browser to disable 'Referer' headers, please re-enable them, at least for this site, or for HTTPS connections, or for 'same-origin' requests.

If you are using the <meta name="referrer" content="no-referrer"> tag or including the 'Referrer-Policy: no-referrer' header, please remove them. The CSRF protection requires the 'Referer' header to do strict referer checking. If you're concerned about privacy, use alternatives like <a rel="noreferrer" ...> for links to third-party sites.

More information is available with DEBUG=True.

When I try to search.  Always from the search bar in Firefox and
sometimes from the searx page.

I have set the default search engine on firefox to the FreedomBox searx.
It used to work fine in the old one, now I get this.  Firefox is set to
send the referer header.  From about:config:

network.http.sendRefererHeader	2

Any idea what I can try to fix this?  The computer I'm using Firefox on
runs buster/oldstable, up to date,  soon to be remedied with an upgrade
as soon as I can be sure I'm not going to hose the machine I use all the
time.

Thanks.

Augustine