Merge ca85d20204 into cd384a8a60

[upd] pypi: Bump selenium from 4.25.0 to 4.26.1
Bumps [selenium](https://github.com/SeleniumHQ/Selenium) from 4.25.0 to 4.26.1. - [Release notes](https://github.com/SeleniumHQ/Selenium/releases) - [Commits](https://github.com/SeleniumHQ/Selenium/commits) --- updated-dependencies: - dependency-name: selenium dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
2024-11-06 10:03:21 +01:00 · 2024-11-06 10:01:13 +01:00 · 2024-11-06 08:16:21 +01:00 · 2024-11-06 08:16:21 +01:00 · 2024-06-28 15:14:33 +02:00
9 changed files with 181 additions and 174 deletions
--- a/.github/workflows/checker.yml
+++ b/.github/workflows/checker.yml
@ -1,5 +1,5 @@
 name: "Checker"
-on:
+on:  # yamllint disable-line rule:truthy
  schedule:
    - cron: "0 4 * * 5"
  workflow_dispatch:
--- a/.github/workflows/data-update.yml
+++ b/.github/workflows/data-update.yml
@ -1,5 +1,5 @@
 name: "Update searx.data"
-on:
+on:  # yamllint disable-line rule:truthy
  schedule:
    - cron: "59 23 28 * *"
  workflow_dispatch:
--- a/.github/workflows/integration.yml
+++ b/.github/workflows/integration.yml
@ -1,6 +1,6 @@
 name: Integration

-on:
+on:  # yamllint disable-line rule:truthy
  push:
    branches: ["master"]
  pull_request:
@ -16,7 +16,7 @@ jobs:
    strategy:
      matrix:
        os: [ubuntu-20.04]
-        python-version:  ["3.9", "3.10", "3.11", "3.12",]
+        python-version: ["3.9", "3.10", "3.11", "3.12"]
    steps:
      - name: Checkout
        uses: actions/checkout@v4
@ -111,7 +111,7 @@ jobs:
          BRANCH: gh-pages
          FOLDER: dist/docs
          CLEAN: true  # Automatically remove deleted files from the deploy branch
-        SINGLE_COMMIT: True
+          SINGLE_COMMIT: true
          COMMIT_MESSAGE: '[doc] build from commit ${{ github.sha }}'

  babel:
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@ -1,5 +1,5 @@
 name: "Security checks"
-on:
+on:  # yamllint disable-line rule:truthy
  schedule:
    - cron: "42 05 * * *"
  workflow_dispatch:
--- a/.github/workflows/translations-update.yml
+++ b/.github/workflows/translations-update.yml
@ -1,5 +1,5 @@
 name: "Update translations"
-on:
+on:  # yamllint disable-line rule:truthy
  schedule:
    - cron: "05 07 * * 5"
  workflow_dispatch:
--- a/docs/admin/settings/settings_server.rst
+++ b/docs/admin/settings/settings_server.rst
@ -14,6 +14,7 @@
       limiter: false
       public_instance: false
       image_proxy: false
+       method: "GET"
       default_http_headers:
         X-Content-Type-Options : nosniff
         X-Download-Options : noopen
@ -50,8 +51,14 @@
 ``image_proxy`` : ``$SEARXNG_IMAGE_PROXY``
  Allow your instance of SearXNG of being able to proxy images.  Uses memory space.

+``method`` : ``GET`` | ``POST``
+  HTTP method.  By defaults ``GET`` is used / The ``POST`` method has the
+  advantage with some WEB browsers that the history is not easy to read, but
+  there are also various disadvantages that sometimes severely restrict the ease
+  of use for the user (e.g. back button to jump back to the previous search
+  page and drag & drop of search term to new tabs do not work as expected).
+
 .. _HTTP headers: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers

 ``default_http_headers`` :
  Set additional HTTP headers, see `#755 <https://github.com/searx/searx/issues/715>`__
-
--- a/2
+++ b/2
@ -57,7 +57,7 @@ while IFS= read -r line; do
    if [ "$line" != "tests/unit/settings/syntaxerror_settings.yml" ]; then
        YAMLLINT_FILES+=("$line")
    fi
-done <<< "$(git ls-files './tests/*.yml' './searx/*.yml' './utils/templates/etc/searxng/*.yml')"
+done <<< "$(git ls-files './tests/*.yml' './searx/*.yml' './utils/templates/etc/searxng/*.yml' '.github/*.yml' '.github/*/*.yml')"

 RST_FILES=(
    'README.rst'
--- a/requirements-dev.txt
+++ b/requirements-dev.txt
@ -4,7 +4,7 @@ cov-core==1.15.0
 black==24.3.0
 pylint==3.3.1
 splinter==0.21.0
-selenium==4.25.0
+selenium==4.26.1
 Pallets-Sphinx-Themes==2.3.0
 Sphinx==7.4.7
 sphinx-issues==5.0.0
--- a/searx/settings.yml
+++ b/searx/settings.yml
@ -98,7 +98,7 @@ server:
  http_protocol_version: "1.0"
  # POST queries are more secure as they don't show up in history but may cause
  # problems when using Firefox containers
-  method: "POST"
+  method: "GET"
  default_http_headers:
    X-Content-Type-Options: nosniff
    X-Download-Options: noopen
@ -145,11 +145,11 @@ ui:
 # Lock arbitrary settings on the preferences page.  To find the ID of the user
 # setting you want to lock, check the ID of the form on the page "preferences".
 #
-# preferences:
-#   lock:
+preferences:
+  lock:
+    - method
 #     - language
 #     - autocomplete
-#     - method
 #     - query_in_title

 # searx supports result proxification using an external service:
Author	SHA1	Message	Date
Markus Heiser	67ee9b6816	Merge `ca85d20204` into `cd384a8a60`	2024-11-06 10:03:21 +01:00
dependabot[bot]	cd384a8a60	[upd] pypi: Bump selenium from 4.25.0 to 4.26.1 Bumps [selenium](https://github.com/SeleniumHQ/Selenium) from 4.25.0 to 4.26.1. - [Release notes](https://github.com/SeleniumHQ/Selenium/releases) - [Commits](https://github.com/SeleniumHQ/Selenium/commits) --- updated-dependencies: - dependency-name: selenium dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2024-11-06 10:01:13 +01:00
Markus Heiser	c4055e449f	[fix] issues reported by `make test.yamllint` Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>	2024-11-06 08:16:21 +01:00
Markus Heiser	2fdbf2622b	[mod] lint github YAML config files Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>	2024-11-06 08:16:21 +01:00
Markus Heiser	ca85d20204	[mod] set HTTP GET method by default HTTP GET vs POST ================ Already diskussed in "Method POST harms UX without providing a tangible privacy benefit" [1]. At that time we agreed to POST. However, as we are having more and more drawbacks with POST, I suggest that we reconsider our previous decision. The latest cause was [2], but we also have other problems that negatively affect the UI [1]: * Open Link in New Tab: does not work for our search result tabs because they aren't actual links. * Bookmarking: a search becomes more difficult with POST. You cannot just press a browser keyboard shortcut `Ctrl+D` ... no you have to copy the Search URL from the sidebar. This can pose a real struggle for less technically-minded users. * Sharing: a search with somebody else becomes more difficult with POST (for the same reason). Lock HTTP method in the preferences =================================== If the user changes the HTTP method in his settings, e.g. from GET to POST, but has not removed the SearXNG instance from the WEB browser and added it again, the WEB browser will continue to work with the old setting (GET), while entries in the HTML form use the newly set method (POST). Not realted to this commit, but this complication is also known from autocomplete[3]. Only very few maintainers are aware of this fact and probably none of the users know about it. We should provide a setup in our defaults that is manageable in its entirety and comprehensible for the user. For this reason, the option to select the HTTP method in the preferences is also disabled in this commit. [1] https://github.com/searxng/searxng/issues/711 [2] https://github.com/searxng/searxng/issues/3590 [3] https://github.com/searxng/searxng/pull/2333#issuecomment-1565392120 Closes: https://github.com/searxng/searxng/issues/3590 Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>	2024-06-28 15:14:33 +02:00