This repository has been archived by the owner on Sep 7, 2023. It is now read-only.
Is your feature request related to a problem? Please describe.
When using double-bangs with POST requests, the site you will be redirected to must be added to form-action CSP else it will be blocked for violation.
Describe the solution you'd like
Find a way to not send form data when redirecting to another site with double-bangs so that every engine does not need to be added to CSP.
Describe alternatives you've considered
Started adding sites to CSP—it quickly becomes unmaintainable.
Example
On my server, try to search for "Nagios !!alternativeto". Since I did not add alternativeto.net to form-action, this is the result:
I somehow managed to open this in the completely wrong repository... But I will leave it open here though in case this is an issue that vanilla searx suffers from. Feel free to close if this is not applicable.
Additional context
Related: searxng/searxng#140
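An added example (not code from the issue or from searx): a simplified Python check of whether the site a form submission ends up at is covered by a `form-action` source list, the condition the issue describes. The header, the instance URL `searx.example` and the target URLs are constructed samples, and path matching is ignored.

```python
from urllib.parse import urlsplit

PORTS = {"http": 80, "https": 443}
# Constructed sample values (assumptions, not taken from the issue).
PAGE = "https://searx.example/search"
CSP = "default-src 'self'; form-action 'self' https://duckduckgo.com"

def form_action_sources(csp):
    """Return the form-action source list, or None when the directive is absent."""
    for directive in csp.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "form-action":
            return [t.lower() for t in tokens[1:]]
    return None

def _origin(url):
    u = urlsplit(url)
    return u.scheme, u.hostname, u.port or PORTS.get(u.scheme)

def source_allows(source, target, page):
    t_scheme, t_host, t_port = _origin(target)
    if source == "'self'":
        return _origin(target) == _origin(page)
    if source.startswith("'"):        # 'none' and other keywords never match a URL
        return False
    if source.endswith(":"):          # scheme-source such as "https:"
        return t_scheme == source[:-1]
    # host-source: [scheme://]host[:port][/path]; the path part is ignored here
    scheme, _, rest = source.rpartition("://")
    host, _, port = rest.split("/")[0].partition(":")
    want = scheme or urlsplit(page).scheme
    if t_scheme != want and not (want == "http" and t_scheme == "https"):
        return False
    if port != "*" and t_port != (int(port) if port else PORTS.get(t_scheme)):
        return False
    if host == "*":
        return True
    if host.startswith("*."):         # wildcard covers subdomains only
        return t_host.endswith(host[1:])
    return t_host == host

def redirect_allowed(csp, page, target):
    """True if a form submitted from `page` may end up at `target` under `csp`."""
    sources = form_action_sources(csp)
    if sources is None:               # form-action does not fall back to default-src
        return True
    return any(source_allows(s, target, page) for s in sources)
```

With the sample policy, a double-bang target that is not listed fails the check, which is why each engine's site has to be appended to `form-action` for the redirect to go through.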