[doc] adds the missing documentation of the server.method settings.

Browse Source 
TL;DR; For all the issues that comes with HTTP POST I recommend instance
maintainers to switch to GET and lock the property in the preferences:

```yaml
server:
  method: GET

preferences:
  lock:
    - method
```

We don't want this in the defaults of the SearXNG distributions for the pros vs
cons listed in this discussion:

- https://github.com/searxng/searxng/pull/3619
This commit is contained in:
Markus Heiser 2024-06-28 14:47:22 +02:00
parent 738906358b
commit f4250b6d40
2 changed files with 18 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
docs/admin/settings/settings_server.rst
View File

@ -14,6 +14,7 @@
limiter: false limiter: false
public_instance: false public_instance: false
image_proxy: false image_proxy: false
method: "POST"
default_http_headers: default_http_headers:
X-Content-Type-Options : nosniff X-Content-Type-Options : nosniff
X-Download-Options : noopen X-Download-Options : noopen
@ -50,8 +51,21 @@
``image_proxy`` : ``$SEARXNG_IMAGE_PROXY`` ``image_proxy`` : ``$SEARXNG_IMAGE_PROXY``
Allow your instance of SearXNG of being able to proxy images. Uses memory space. Allow your instance of SearXNG of being able to proxy images. Uses memory space.
``method`` : ``GET`` | ``POST``
HTTP method. By defaults ``POST`` is used / The ``POST`` method has the
advantage with some WEB browsers that the history is not easy to read, but
there are also various disadvantages that sometimes **severely restrict the
ease of use for the end user** (e.g. back button to jump back to the previous
search page and drag & drop of search term to new tabs do not work as
expected .. and several more). We had a lot of long discussions about the
*pros v2 cons*:
- `set HTTP GET method by default
<https://github.com/searxng/searxng/pull/3619>`__
- `http methods GET & POST
<https://github.com/search?q=repo%3Asearxng%2Fsearxng+label%3A%22http+methods+GET+%26+POST%22>`__
.. _HTTP headers: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers .. _HTTP headers: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers
``default_http_headers`` : ``default_http_headers`` :
Set additional HTTP headers, see `#755 <https://github.com/searx/searx/issues/715>`__ Set additional HTTP headers, see `#755 <https://github.com/searx/searx/issues/715>`__

5
searx/settings.yml
View File

@ -100,8 +100,9 @@ server:
image_proxy: false image_proxy: false
# 1.0 and 1.1 are supported # 1.0 and 1.1 are supported
http_protocol_version: "1.0" http_protocol_version: "1.0"
# POST queries are more secure as they don't show up in history but may cause # POST queries are "more secure!" but are also the source of hard-to-locate
# problems when using Firefox containers # annoyances, which is why GET may be better for end users and their browsers.
# see https://github.com/searxng/searxng/pull/3619
method: "POST" method: "POST"
default_http_headers: default_http_headers:
X-Content-Type-Options: nosniff X-Content-Type-Options: nosniff