starred/whoogle-search
1
0
Fork 0
mirror of https://github.com/benbusby/whoogle-search.git synced 2026-04-25 04:05:57 +03:00
Code Issues 9 Projects Releases Packages Wiki Activity

[GH-ISSUE #178] [BUG] opensearch.xml file served from HTTPS deployment mandates HTTP links instead of HTTPS #126

New issue
Closed
opened 2026-02-25 20:34:57 +03:00 by kerem · 6 comments
kerem commented 2026-02-25 20:34:57 +03:00
Owner
Copy link

Originally created by @github-ronk on GitHub (Jan 21, 2021).
Original GitHub issue: https://github.com/benbusby/whoogle-search/issues/178

Describe the bug

The opensearch.xml file served from HTTPS deployment mandates HTTP links instead of HTTPS.
One effect of this, is that when deploying on Heroku, adding it as a Firefox search engine and searching from the URL bar, the search query will be sent in plain text, not encrypted.

To Reproduce
Steps to reproduce the behavior:

  1. Deploy on Heroku, open Firefox and make sure it doesn't have the "HTTPS only" setting checked.
  2. Download the file https://________.herokuapp.com/opensearch.xml
  3. Observe the links under moz:SearchForm and in the "application/x-suggestions+json" template - they are HTTP.

Additionally:
4. Perform a search on this instance from Firefox URL bar
5. Observe the query in the Web Console - it is an HTTP query.
6. Same for the suggestions queries that are emitted when typing.

Deployment Method

  • Heroku (one-click deploy)
  • Docker
  • run executable
  • pip/pipx
  • Other: [describe setup]

Version of Whoogle Search

  • Latest build from [source] (i.e. GitHub, Docker Hub, pip, etc)
  • Version [0.3.0]
  • Not sure

Comment
A temporary workaround is to enable the global "HTTPS only" setting in Firefox. But this impacts all sites, not just Whoogle.

Originally created by @github-ronk on GitHub (Jan 21, 2021). Original GitHub issue: https://github.com/benbusby/whoogle-search/issues/178 **Describe the bug** The opensearch.xml file served from HTTPS deployment mandates HTTP links instead of HTTPS. One effect of this, is that when deploying on Heroku, adding it as a Firefox search engine and searching from the URL bar, the search query will be sent in plain text, not encrypted. **To Reproduce** Steps to reproduce the behavior: 1. Deploy on Heroku, open Firefox and make sure it doesn't have the "HTTPS only" setting checked. 2. Download the file _https://__________.herokuapp.com/opensearch.xml_ 3. Observe the links under _<moz:SearchForm>_ and in the _"application/x-suggestions+json"_ template - they are HTTP. Additionally: 4. Perform a search on this instance from Firefox URL bar 5. Observe the query in the Web Console - it is an HTTP query. 6. Same for the suggestions queries that are emitted when typing. **Deployment Method** - [x] Heroku (one-click deploy) - [ ] Docker - [ ] `run` executable - [ ] pip/pipx - [ ] Other: [describe setup] **Version of Whoogle Search** - [ ] Latest build from [source] (i.e. GitHub, Docker Hub, pip, etc) - [x] Version [0.3.0] - [ ] Not sure **Comment** A temporary workaround is to enable the global "HTTPS only" setting in Firefox. But this impacts all sites, not just Whoogle.
kerem 2026-02-25 20:34:57 +03:00
  • closed this issue
  • added the
    bug
         label
kerem commented 2026-02-25 20:34:57 +03:00
Author
Owner
Copy link

@github-ronk commented on GitHub (Jan 21, 2021):

Actually it seems the heroku-app branch has not been updated for 0.3.0, After delete and re-deploy on Heroku we still have 0.2.1 there...

<!-- gh-comment-id:764538521 --> @github-ronk commented on GitHub (Jan 21, 2021): Actually it seems the heroku-app branch has not been updated for 0.3.0, After delete and re-deploy on Heroku we still have 0.2.1 there...
kerem commented 2026-02-25 20:34:57 +03:00
Author
Owner
Copy link

@benbusby commented on GitHub (Jan 21, 2021):

Actually it seems the heroku-app branch has not been updated for 0.3.0, After delete and re-deploy on Heroku we still have 0.2.1 there...

Thanks for pointing that out. I just updated the heroku-app branch, try with the latest version and let me know if you're still seeing that issue.

<!-- gh-comment-id:764798554 --> @benbusby commented on GitHub (Jan 21, 2021): > Actually it seems the heroku-app branch has not been updated for 0.3.0, After delete and re-deploy on Heroku we still have 0.2.1 there... Thanks for pointing that out. I just updated the `heroku-app` branch, try with the latest version and let me know if you're still seeing that issue.
kerem commented 2026-02-25 20:34:57 +03:00
Author
Owner
Copy link

@github-ronk commented on GitHub (Jan 23, 2021):

Actually it seems the heroku-app branch has not been updated for 0.3.0, After delete and re-deploy on Heroku we still have 0.2.1 there...

Thanks for pointing that out. I just updated the heroku-app branch, try with the latest version and let me know if you're still seeing that issue.

The update works fine, now 0.3.0 is deployed.

The issue still exists.

Thanks for looking into it.

<!-- gh-comment-id:765907087 --> @github-ronk commented on GitHub (Jan 23, 2021): > > Actually it seems the heroku-app branch has not been updated for 0.3.0, After delete and re-deploy on Heroku we still have 0.2.1 there... > > Thanks for pointing that out. I just updated the `heroku-app` branch, try with the latest version and let me know if you're still seeing that issue. The update works fine, now 0.3.0 is deployed. The issue still exists. Thanks for looking into it.
kerem commented 2026-02-25 20:34:57 +03:00
Author
Owner
Copy link

@benbusby commented on GitHub (Jan 23, 2021):

I just pushed an update which I confirmed fixes this. Please try pulling the latest changes and trying again, and let me know if that fixes it for you.

Keep in mind that Firefox (and probably other browsers) tend to cache the opensearch xml file, so if it doesn't work right away, try clearing cached data for the site and reattempting to add it.

<!-- gh-comment-id:766169475 --> @benbusby commented on GitHub (Jan 23, 2021): I just pushed an update which I confirmed fixes this. Please try pulling the latest changes and trying again, and let me know if that fixes it for you. Keep in mind that Firefox (and probably other browsers) tend to cache the opensearch xml file, so if it doesn't work right away, try clearing cached data for the site and reattempting to add it.
kerem commented 2026-02-25 20:34:57 +03:00
Author
Owner
Copy link

@github-ronk commented on GitHub (Jan 24, 2021):

I just pushed an update which I confirmed fixes this. Please try pulling the latest changes and trying again, and let me know if that fixes it for you.

Keep in mind that Firefox (and probably other browsers) tend to cache the opensearch xml file, so if it doesn't work right away, try clearing cached data for the site and reattempting to add it.

Yes, getting HTTPS now on Heroku after re-deployment. Many thanks. Closing this.

<!-- gh-comment-id:766311360 --> @github-ronk commented on GitHub (Jan 24, 2021): > I just pushed an update which I confirmed fixes this. Please try pulling the latest changes and trying again, and let me know if that fixes it for you. > > Keep in mind that Firefox (and probably other browsers) tend to cache the opensearch xml file, so if it doesn't work right away, try clearing cached data for the site and reattempting to add it. Yes, getting HTTPS now on Heroku after re-deployment. Many thanks. Closing this.
kerem commented 2026-02-25 20:34:57 +03:00
Author
Owner
Copy link

@github-ronk commented on GitHub (Jan 24, 2021):

Confirmed Fixed in latest 0.3.0 on Heroku.

<!-- gh-comment-id:766311445 --> @github-ronk commented on GitHub (Jan 24, 2021): Confirmed Fixed in latest 0.3.0 on Heroku.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
dependabot/pip/python-dotenv-1.2.2
v1.2.4
v1.2.3
v1.2.2
v1.2.1-test
v1.1.2
v1.1.1-beta
v1.1.0
v1.1.0-beta
v1.0.0-beta
v0.9.4
v0.9.3
v0.9.2
v0.9.1
v0.9.0
v0.8.4
v0.8.3
v0.8.2
v0.8.1
v0.8.0
v0.7.4
v0.7.3
v0.7.2
v0.7.1
v0.7.0
v0.6.0
v0.5.4
v0.5.3
v0.5.2
v0.5.1
v0.5.0
v0.4.1
v0.4.0
v0.3.2
v0.3.1
v0.3.0
v0.2.1
0.2.0
v0.1.4
v0.1.3
v0.1.2
v0.1.1
v0.1.0
v0.0.1
Labels
Clear labels   
Fixed (Pending PR Merge)

   
Stale

   
bug

   
enhancement

   
enhancement

   
good first issue

   
help wanted

   
keep-open

   
needs more info

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
theme

   
unfortunate
No labels
Fixed (Pending PR Merge)
Stale
bug
enhancement
enhancement
good first issue
help wanted
keep-open
needs more info
pull-request
question
theme
unfortunate
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/whoogle-search#126
No description provided.