[GH-ISSUE #721] bug with session expire, redirects, http, maybe my fault? don't know #463

Closed
opened 2026-02-25 20:35:49 +03:00 by kerem · 2 comments

Originally created by @DEvmIb on GitHub (Apr 15, 2022).
Original GitHub issue: https://github.com/benbusby/whoogle-search/issues/721

Describe the bug

  1. using firefox.
  2. right click on text -> search whoogle
    2.1 same when entering a search in the searchbox and pressing enter
  3. firefox goes to https://whoogle.example.com/search (post)
  4. whoogle redirects to http://whoogle.example.com/session/421b30f2-1e22-4e5f-8c35-7c83d8436014?follow=https%3A%2F%2Fwhoogle.example.com%2F (plain http)
  5. nginx returns 301 https://$host$request_uri (post redirect cannot work)
  6. now i land on the main whoogle site and have to manually enter my search.

Deployment Method

  • [ ] Heroku (one-click deploy)
  • [ ] Docker
  • [x] `run` executable
  • [ ] pip/pipx
  • [ ] Other: [describe setup]

Version of Whoogle Search

  • [x] Latest build from [source] (i.e. GitHub, Docker Hub, pip, etc)
  • [ ] Version [version number]
  • [ ] Not sure

Desktop (please complete the following information):

  • OS: [e.g. iOS]
  • Browser [e.g. chrome, safari]
  • Version [e.g. 22]
  • firefox 99.0

Additional context

HTTPS_ONLY=0 or HTTPS_ONLY=1 makes no difference
WHOOGLE_CONFIG_URL is set to https://whoogle.example.com/
WHOOGLE_CONFIG_GET_ONLY=1 works

whoogle seems to give me (after the old session expires?) a new one, using http://

is this session stuff needed? why not just use cookies?

kerem 2026-02-25 20:35:49 +03:00
  • closed this issue
  • added the bug label

@kodekebles commented on GitHub (Apr 23, 2022):

Literally just registered to report this. I'm experiencing the exact behavior with an entirely different stack, namely using docker, through nginx via caprover. It appears to be the same thing you're reporting: firefox POSTs to the HTTP site, it 307 redirects to the HTTPS version including the session ID URI but while forcing the cookies to expire? (I'm a layman, forgive me if that's incorrect, but during one of the redirects it appears to be setting a cookie that expires in 1970, which I assume is just to force expire it), then 307 to /search (where it's expecting you to have POSTed a query) and you just get dumped back to the index because there's no data.

One mitigation I just found is that enabling HTTPS-only mode in firefox seems to allow it to work by virtue of just submitting the original request via HTTPS.

Honestly, could this be chalked up to a firefox "issue" or just odd behavior maybe? Should it not generally attempt to connect via HTTPS to search engines in the first place? I think that expectation is what confused me the most about this. But I'm generally fine with HTTPS-only mode on anyway, but it'd still be nice if this were worked around or documented somewhere.


@nakoo commented on GitHub (May 1, 2022):

I believe this issue has been fixed by adding the `X-Forwarded-Proto` header.
Have you still suffered the issue?

https://github.com/benbusby/whoogle-search/pull/731
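
The behaviour discussed in this thread, as an added example that is not code from Whoogle or from any participant: an app behind a TLS-terminating proxy builds its redirect from `wsgi.url_scheme`, so the session URL goes out over plain http unless `X-Forwarded-Proto` is honoured, and only when it comes from a trusted peer. The handler, the middleware, `TRUSTED_PROXIES`, `CONFIG_URL` and the placeholder session id are assumptions made for illustration.

```python
from urllib.parse import quote

# Assumption: nginx runs on the same host as the app and is the only trusted peer.
TRUSTED_PROXIES = {"127.0.0.1"}
# Assumption: mirrors the WHOOGLE_CONFIG_URL value quoted in the report.
CONFIG_URL = "https://whoogle.example.com/"


def session_redirect_app(environ, start_response):
    """Hypothetical stand-in for a /search handler that bounces to /session/<id>."""
    scheme = environ["wsgi.url_scheme"]  # "http" when the proxy terminates TLS
    follow = quote(CONFIG_URL, safe="")
    location = (f"{scheme}://{environ['HTTP_HOST']}"
                f"/session/SESSION-ID-PLACEHOLDER?follow={follow}")
    start_response("307 Temporary Redirect", [("Location", location)])
    return [b""]


class TrustForwardedProto:
    """Copy X-Forwarded-Proto into wsgi.url_scheme, but only for trusted peers."""

    def __init__(self, app, trusted):
        self.app, self.trusted = app, trusted

    def __call__(self, environ, start_response):
        # nginx overwrites this header with: proxy_set_header X-Forwarded-Proto $scheme;
        proto = environ.get("HTTP_X_FORWARDED_PROTO", "").strip().lower()
        if environ.get("REMOTE_ADDR") in self.trusted and proto in ("http", "https"):
            environ["wsgi.url_scheme"] = proto
        return self.app(environ, start_response)


def redirect_location(app, remote_addr, forwarded_proto=None):
    """Send one constructed POST /search through `app`; return its Location header."""
    environ = {"REQUEST_METHOD": "POST", "PATH_INFO": "/search",
               "HTTP_HOST": "whoogle.example.com", "REMOTE_ADDR": remote_addr,
               "wsgi.url_scheme": "http"}  # the proxy-to-backend hop is plain HTTP
    if forwarded_proto:
        environ["HTTP_X_FORWARDED_PROTO"] = forwarded_proto
    seen = {}
    app(environ, lambda status, headers, exc_info=None: seen.update(headers))
    return seen["Location"]


if __name__ == "__main__":
    fixed = TrustForwardedProto(session_redirect_app, TRUSTED_PROXIES)
    # No forwarded scheme: the session URL is issued over http, as in the report.
    print(redirect_location(session_redirect_app, "127.0.0.1"))
    # Trusted proxy forwards the scheme: the redirect stays on https.
    print(redirect_location(fixed, "127.0.0.1", "https"))
    # The same header from an untrusted address is ignored.
    print(redirect_location(fixed, "203.0.113.9", "https"))
```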
