[Freedombox-discuss] SearX, authentication, and use as a browser's search engine

Stefan Monnier monnier at iro.umontreal.ca
Sat Mar 25 03:13:47 GMT 2023

If no one here has any idea what might be going on or how to investigate
it (how/where to set `DEBUG=True`), maybe someone has an idea of
a better place to send this?
Should I `reportbug` against Plinth?


Stefan Monnier [2023-03-07 18:29:04] wrote:
> I'm trying to use a personal SearX instance (installed in/via
> FreedomBox) as my browser's default search engine, but I keep getting
> this error:
>     Forbidden (403)
>     CSRF verification failed. Request aborted.
>     You are seeing this message because this HTTPS site requires a “Referer header” to be sent by your Web browser, but none was sent. This header is required for security reasons, to ensure that your browser is not being hijacked by third parties.
>     If you have configured your browser to disable “Referer” headers, please re-enable them, at least for this site, or for HTTPS connections, or for “same-origin” requests.
>     If you are using the <meta name="referrer" content="no-referrer"> tag or including the “Referrer-Policy: no-referrer” header, please remove them. The CSRF protection requires the “Referer” header to do strict referer checking. If you’re concerned about privacy, use alternatives like <a rel="noreferrer" …> for links to third-party sites.
>     More information is available with DEBUG=True.
> where the URL displayed is something like
>     https://<MYSERVER>/plinth/accounts/sso/login/?next=https%3a%2f%2f<MYSERVER>%2fsearx%2fsearch
> I don't always get this error and I don't really understand what are the
> factors that make it occur.  E.g. right now in my browser, I can
> successfully do:
> - create a new tab.
> - type "stefan emacs" in the URL.
> - get a glorious search result from my SearX instance.
> Yet at the same time, in another tab that's been around and inactive for
> a while, the same steps give me the above error.
> Any idea what's going on and/or how to diagnose or fix the underlying problem?
>         Stefan
