[GH-ISSUE #721] bug with session expire,redirects,http,mayby my fault? don't know #463

New issue

Closed

opened 2026-02-25 20:35:49 +03:00 by kerem · 2 comments

kerem commented

2026-02-25 20:35:49 +03:00

Owner

Originally created by @DEvmIb on GitHub (Apr 15, 2022).
Original GitHub issue: https://github.com/benbusby/whoogle-search/issues/721

Describe the bug

using firefox.
right click on text -> search whoogle
2.1 same when enter search in searchbox and enter
firefox goes to https://whoogle.example.com/search (post)
whoogle redirect to http://whoogle.example.com/session/421b30f2-1e22-4e5f-8c35-7c83d8436014?follow=https%3A%2F%2Fwhoogle.example.com%2F (plain http)
nginx return 301 https://$host$request_uri (post redirect cannot work)
now i land on main whoogle site and have to manual enter my search.

Deployment Method

Heroku (one-click deploy)
Docker
run executable
pip/pipx
Other: [describe setup]

Version of Whoogle Search

Latest build from [source] (i.e. GitHub, Docker Hub, pip, etc)
Version [version number]
Not sure

Desktop (please complete the following information):

OS: [e.g. iOS]
Browser [e.g. chrome, safari]
Version [e.g. 22]

firefox 99.0

Additional context

HTTPS_ONLY=0 or HTTPS_ONLY=1 makes no difference
WHOOGLE_CONFIG_URL ist set to https://whoogle.example.com/
WHOOGLE_CONFIG_GET_ONLY=1 works

whoogle seems to give me (after expire old session?) new one and using http://

is this session stuff needed? why not just using cookies?

Originally created by @DEvmIb on GitHub (Apr 15, 2022). Original GitHub issue: https://github.com/benbusby/whoogle-search/issues/721 **Describe the bug** 1. using firefox. 2. right click on text -> search whoogle 2.1 same when enter search in searchbox and enter 4. firefox goes to https://whoogle.example.com/search (post) 5. whoogle redirect to http://whoogle.example.com/session/421b30f2-1e22-4e5f-8c35-7c83d8436014?follow=https%3A%2F%2Fwhoogle.example.com%2F (plain http) 6. nginx return 301 https://$host$request_uri (post redirect cannot work) 7. now i land on main whoogle site and have to manual enter my search. **Deployment Method** - [ ] Heroku (one-click deploy) - [ ] Docker - [x] `run` executable - [ ] pip/pipx - [ ] Other: [describe setup] **Version of Whoogle Search** - [x] Latest build from [source] (i.e. GitHub, Docker Hub, pip, etc) - [ ] Version [version number] - [ ] Not sure **Desktop (please complete the following information):** - OS: [e.g. iOS] - Browser [e.g. chrome, safari] - Version [e.g. 22] - firefox 99.0 **Additional context** HTTPS_ONLY=0 or HTTPS_ONLY=1 makes no difference WHOOGLE_CONFIG_URL ist set to https://whoogle.example.com/ WHOOGLE_CONFIG_GET_ONLY=1 works whoogle seems to give me (after expire old session?) new one and using http:// is this session stuff needed? why not just using cookies?

kerem

2026-02-25 20:35:49 +03:00

closed this issue
added the
bug
label

kerem commented

2026-02-25 20:35:49 +03:00

Author

Owner

@kodekebles commented on GitHub (Apr 23, 2022):

Literally just registered to report this. I'm experiencing the exact behavior with an entirely different stack, namely using docker, through nginx via caprover. It appears to be same thing you're reporting, firefox POSTs to the HTTP site, it 307 redirects to the HTTPS version including the session ID URI but while forcing the cookies to expire? (i'm a layman forgive if that's incorrect, but during one of the redirects it appears to be setting a cookie that expires 1970, which i assume is just to force expire it), then 307 to /search (where it's expecting you to have POSTed a query) and you just get dumped back to the index because there's no data.

One mitigation I just found is that enabling HTTPS-only mode in firefox seems to allow it to work by virtue of just submitting the original request via HTTPS.

Honestly, could this be chalked up to a firefox "issue" or just odd behavior maybe? Should it not generally attempt to connect via HTTPS to search engines in the first place? I think that expectation is what confused me the most about this. But I'm generally fine with HTTPS-only mode on anyway, but it'd still be nice if this were worked around or documented somewhere.

@kodekebles commented on GitHub (Apr 23, 2022): Literally just registered to report this. I'm experiencing the exact behavior with an entirely different stack, namely using docker, through nginx via caprover. It appears to be same thing you're reporting, firefox POSTs to the HTTP site, it 307 redirects to the HTTPS version including the session ID URI but while forcing the cookies to expire? (i'm a layman forgive if that's incorrect, but during one of the redirects it appears to be setting a cookie that expires 1970, which i assume is just to force expire it), then 307 to /search (where it's expecting you to have POSTed a query) and you just get dumped back to the index because there's no data. One mitigation I just found is that enabling HTTPS-only mode in firefox seems to allow it to work by virtue of just submitting the original request via HTTPS. Honestly, could this be chalked up to a firefox "issue" or just odd behavior maybe? Should it not generally attempt to connect via HTTPS to search engines in the first place? I think that expectation is what confused me the most about this. But I'm generally fine with HTTPS-only mode on anyway, but it'd still be nice if this were worked around or documented somewhere.

kerem commented

2026-02-25 20:35:49 +03:00

Author

Owner

@nakoo commented on GitHub (May 1, 2022):

I believe this issue has been fixed by adding X-Forwarded-Proto header.
Have you still suffered the issue?

https://github.com/benbusby/whoogle-search/pull/731

@nakoo commented on GitHub (May 1, 2022): I believe this issue has been fixed by adding `X-Forwarded-Proto` header. Have you still suffered the issue? https://github.com/benbusby/whoogle-search/pull/731

kerem referenced this issue

2026-02-25 20:37:00 +03:00

[PR #463] [MERGED] Implement scribe.rip replacement for medium.com #884