[doc] adds the missing documentation of the server.method settings.

TL;DR; For all the issues that comes with HTTP POST I recommend instance maintainers to switch to GET and lock the property in the preferences: ```yaml server: method: GET preferences: lock: - method ``` We don't want this in the defaults of the SearXNG distributions for the pros vs cons listed in this discussion: - https://github.com/searxng/searxng/pull/3619
2025-02-20 12:20:04 +00:00 · 2024-06-28 14:47:22 +02:00 · 2024-06-28 14:47:22 +02:00 · f4250b6d40
commit f4250b6d40
parent 738906358b
2 changed files with 18 additions and 3 deletions
--- a/docs/admin/settings/settings_server.rst
+++ b/docs/admin/settings/settings_server.rst
@ -14,6 +14,7 @@
       limiter: false
       public_instance: false
       image_proxy: false
+       method: "POST"
       default_http_headers:
         X-Content-Type-Options : nosniff
         X-Download-Options : noopen
@ -50,8 +51,21 @@
 ``image_proxy`` : ``$SEARXNG_IMAGE_PROXY``
  Allow your instance of SearXNG of being able to proxy images.  Uses memory space.

+``method`` : ``GET`` | ``POST``
+  HTTP method.  By defaults ``POST`` is used / The ``POST`` method has the
+  advantage with some WEB browsers that the history is not easy to read, but
+  there are also various disadvantages that sometimes **severely restrict the
+  ease of use for the end user** (e.g. back button to jump back to the previous
+  search page and drag & drop of search term to new tabs do not work as
+  expected .. and several more).  We had a lot of long discussions about the
+  *pros v2 cons*:
+
+  - `set HTTP GET method by default
+    <https://github.com/searxng/searxng/pull/3619>`__
+  - `http methods GET & POST
+    <https://github.com/search?q=repo%3Asearxng%2Fsearxng+label%3A%22http+methods+GET+%26+POST%22>`__
+
 .. _HTTP headers: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers

 ``default_http_headers`` :
  Set additional HTTP headers, see `#755 <https://github.com/searx/searx/issues/715>`__
-
--- a/searx/settings.yml
+++ b/searx/settings.yml
@ -100,8 +100,9 @@ server:
  image_proxy: false
  # 1.0 and 1.1 are supported
  http_protocol_version: "1.0"
-  # POST queries are more secure as they don't show up in history but may cause
-  # problems when using Firefox containers
+  # POST queries are "more secure!" but are also the source of hard-to-locate
+  # annoyances, which is why GET may be better for end users and their browsers.
+  # see https://github.com/searxng/searxng/pull/3619
  method: "POST"
  default_http_headers:
    X-Content-Type-Options: nosniff