diff --git a/docs/admin/settings/settings_server.rst b/docs/admin/settings/settings_server.rst index cf480683e..7815a2920 100644 --- a/docs/admin/settings/settings_server.rst +++ b/docs/admin/settings/settings_server.rst @@ -14,6 +14,7 @@ limiter: false public_instance: false image_proxy: false + method: "POST" default_http_headers: X-Content-Type-Options : nosniff X-Download-Options : noopen @@ -50,8 +51,21 @@ ``image_proxy`` : ``$SEARXNG_IMAGE_PROXY`` Allow your instance of SearXNG of being able to proxy images. Uses memory space. +``method`` : ``GET`` | ``POST`` + HTTP method. By defaults ``POST`` is used / The ``POST`` method has the + advantage with some WEB browsers that the history is not easy to read, but + there are also various disadvantages that sometimes **severely restrict the + ease of use for the end user** (e.g. back button to jump back to the previous + search page and drag & drop of search term to new tabs do not work as + expected .. and several more). We had a lot of long discussions about the + *pros v2 cons*: + + - `set HTTP GET method by default + `__ + - `http methods GET & POST + `__ + .. _HTTP headers: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers ``default_http_headers`` : Set additional HTTP headers, see `#755 `__ - diff --git a/searx/settings.yml b/searx/settings.yml index ec72f8736..172098a78 100644 --- a/searx/settings.yml +++ b/searx/settings.yml @@ -100,8 +100,9 @@ server: image_proxy: false # 1.0 and 1.1 are supported http_protocol_version: "1.0" - # POST queries are more secure as they don't show up in history but may cause - # problems when using Firefox containers + # POST queries are "more secure!" but are also the source of hard-to-locate + # annoyances, which is why GET may be better for end users and their browsers. + # see https://github.com/searxng/searxng/pull/3619 method: "POST" default_http_headers: X-Content-Type-Options: nosniff