[Freedombox-discuss] SearX, authentication, and use as a browser's search engine

Stefan Monnier monnier at iro.umontreal.ca
Tue Mar 7 23:29:04 GMT 2023


I'm trying to use a personal SearX instance (installed in/via
FreedomBox) as my browser's default search engine, but I keep getting
this error:

    Forbidden (403)
    
    CSRF verification failed. Request aborted.
    
    You are seeing this message because this HTTPS site requires a “Referer header” to be sent by your Web browser, but none was sent. This header is required for security reasons, to ensure that your browser is not being hijacked by third parties.
    
    If you have configured your browser to disable “Referer” headers, please re-enable them, at least for this site, or for HTTPS connections, or for “same-origin” requests.
    
    If you are using the <meta name="referrer" content="no-referrer"> tag or including the “Referrer-Policy: no-referrer” header, please remove them. The CSRF protection requires the “Referer” header to do strict referer checking. If you’re concerned about privacy, use alternatives like <a rel="noreferrer" …> for links to third-party sites.
    
    More information is available with DEBUG=True.

where the URL displayed is something like

    https://<MYSERVER>/plinth/accounts/sso/login/?next=https%3a%2f%2f<MYSERVER>%2fsearx%2fsearch

I don't always get this error and I don't really understand what are the
factors that make it occur.  E.g. right now in my browser, I can
successfully do:
- create a new tab.
- type "stefan emacs" in the URL.
- get a glorious search result from my SearX instance.
Yet at the same time, in another tab that's been around and inactive for
a while, the same steps give me the above error.

Any idea what's going on and/or how to diagnose or fix the underlying problem?


        Stefan



