I'm trying to use a personal SearX instance (installed in/via
FreedomBox) as my browser's default search engine, but I keep getting
this error:

    Forbidden (403)

    CSRF verification failed. Request aborted.

    You are seeing this message because this HTTPS site requires a “Referer
    header” to be sent by your Web browser, but none was sent. This header is
    required for security reasons, to ensure that your browser is not being
    hijacked by third parties.

    If you have configured your browser to disable “Referer” headers, please
    re-enable them, at least for this site, or for HTTPS connections, or for
    “same-origin” requests.

    If you are using the <meta name="referrer" content="no-referrer"> tag or
    including the “Referrer-Policy: no-referrer” header, please remove them. The
    CSRF protection requires the “Referer” header to do strict referer checking. If
    you’re concerned about privacy, use alternatives like <a rel="noreferrer" …>
    for links to third-party sites.

    More information is available with DEBUG=True.

where the URL displayed is something like

    https://<MYSERVER>/plinth/accounts/sso/login/?next=https%3a%2f%2f<MYSERVER>%2fsearx%2fsearch

I don't always get this error and I don't really understand what are the
factors that make it occur.  E.g. right now in my browser, I can
successfully do:
- create a new tab.
- type "stefan emacs" in the URL.
- get a glorious search result from my SearX instance.
Yet at the same time, in another tab that's been around and inactive for
a while, the same steps give me the above error.

Any idea what's going on and/or how to diagnose or fix the underlying problem?


        Stefan


_______________________________________________
Freedombox-discuss mailing list
Freedombox-discuss@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/freedombox-discuss
