If noone here has any idea what might be going on or how to investigate
it (how/where to set `DEBUG=True`), maybe someone has an idea of
a better place to send this?
Should I `reportbug` against Plinth?
Stefan
Stefan Monnier [2023-03-07 18:29:04] wrote:
> I'm trying to use a personal SearX instance (installed in/via
> FreedomBox) as my browser's default search engine, but I keep getting
> this error:
>
> Forbidden (403)
>
> CSRF verification failed. Request aborted.
>
> You are seeing this message because this HTTPS site requires a “Referer
> header” to be sent by your Web browser, but none was sent. This header is
> required for security reasons, to ensure that your browser is not being
> hijacked by third parties.
>
> If you have configured your browser to disable “Referer” headers, please
> re-enable them, at least for this site, or for HTTPS connections, or for
> “same-origin” requests.
>
> If you are using the <meta name="referrer" content="no-referrer"> tag or
> including the “Referrer-Policy: no-referrer” header, please remove them. The
> CSRF protection requires the “Referer” header to do strict referer checking.
> If you’re concerned about privacy, use alternatives like <a rel="noreferrer"
> …> for links to third-party sites.
>
> More information is available with DEBUG=True.
>
> where the URL displayed is something like
>
>
> https://<MYSERVER>/plinth/accounts/sso/login/?next=https%3a%2f%2f<MYSERVER>%2fsearx%2fsearch
>
> I don't always get this error and I'm don't really understand what are the
> factors that make it occur. E.g. right now in my browser, I can
> successfully do:
> - create a new tab.
> - type "stefan emacs" in the URL.
> - get a glorious search result from my SearX instance.
> Yet at the same time, in another tab that's been around and inactive for
> a while, the same steps give me the above error.
>
> Any idea what's going on and/or how to diagnose or fix the underlying problem?
>
>
> Stefan
_______________________________________________
Freedombox-discuss mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/freedombox-discuss
