[BUG] Whoogle Link redirecting to one with cookies disabled #749
Comments
This right here. |
|
I think @benbusby should document what causes this to happen. What are the causes of cookies being disabled when you have this behind a reverse proxy. It's not very user friendly. |
|
I found this bug since 0.7.0 version. This bug is not presented in old 0.6.0. version. So I'm using 0.6.0 till it will be fixed in 0.7.... |
|
I just pushed a commit that should fix the issue documented here (accessing a Whoogle instance from an external link causing configuration/cookies to be disabled). The cause of this was the As far as how this
In short, this solution was devised as a way to create a mostly equal "session experience" for users and instance maintainers without A) relying on users to enable Javascript, B) causing runaway session creation for public instance maintainers, and C) allowing users with cookies blocked to still be able to use Whoogle, albeit in a diminished capacity. Let me know if anyone needs any clarification regarding anything I've mentioned. |
|
Thanks! The commit referenced fixed an unrelated bug where the CSS sometimes didn't load. Not sure what cookies had to do with it though. |
* Render error message w/o `safe` filter The error message shown in the error template does not need to be rendered using the safe filter, and furthermore opens up an XSS vulnerability. * Only create ip card if main result div is found The ip address card that is created for searches like "my ip" only needs to be created/inserted if a main result div id is found. Fixes benbusby#735 * Remove unused `/url` endpoint The `/url` endpoint was previously used as a way of mirroring the `/url?q=<result domain>` formatting of locations in search results from Google. Rather than have this unnecessary intermediary step, the result path was extracted and used as the immediate path for each result item instead. This endpoint hasn't been in use for many versions and has been in need of removal for quite some time. * Bump version to 0.7.2 * Fix pipx dependencies (benbusby#738) Missing cssutils * Remove "/" before endpoints & tags (benbusby#734) Removes the leading slash before imgres and other endpoints Fix benbusby#733 * Add `WHOOGLE_URL_PREFIX` to app.json (benbusby#737) * Update zh-tw translation (benbusby#736) * Fix german translation error (benbusby#742) "Nachrichten" is the correct translation of "News" * Replace public instance url s.alefvanoon.xyz -> s.tokhmi.xyz Fixes benbusby#743 * Use `window` from Endpoint enum for anon view (benbusby#748) Removes previously hardcoded "/window" from anon view links * Update and add instances [skip ci] (benbusby#750) Updates Garudalinux instance Add dr460nf1r3.org instance * Use `lax` for session `SameSite` value (not `strict`) SESSION_COOKIE_SAMESITE must be set to 'lax' to allow the user's previous session to persist when accessing the instance from an external link. Setting this value to 'strict' causes Whoogle to revalidate a new session, and fail, resulting in cookies being disabled. This could be re-evaluated if Whoogle ever switches to client side configuration instead. Fixes benbusby#749 * Improve G page distinction between footer and results Pages in the Whoogle footer that by default route to Google pages were previously being removed, but caused results that also routed to similar pages to no longer be accessible. This was due to the removal of the '/url' endpoint that Google uses for each result. To fix this, the result link is now parsed so that the domain of the result can be checked against the disallowed G page list. Since results are delivered in a "/url?q=<domain>" format -- even for pages to Google's own products -- and the footer links are formatted as "<product>.google.com", footer links are removed and result links are parsed correctly. Fixes benbusby#747 * Replace leading slash for image links (benbusby#762) The leading slash was previously removed without noticing it was part of a string replacement in benbusby#734. This caused the href of "View Image" contain a leading "/" which is wrong. * Remove duplicated handling of /url result links (benbusby#769) It appears that result links beginning with '/url' were mistakenly commited with an inefficient filtering process in its place. With the way the code is structured, this less effective '/url' link filter took precedence over the previous link filter, and also caused users with the "open link in new tab" config enabled to no longer have access to that feature. Fixes benbusby#769 Co-authored-by: Ben Busby <contact@benbusby.com> Co-authored-by: Sandro <sandro.jaeckel@gmail.com> Co-authored-by: invis-z <22781620+invis-z@users.noreply.github.com> Co-authored-by: xatier <xatierlike@gmail.com> Co-authored-by: hoschi1337 <58056262+hoschi1337@users.noreply.github.com> Co-authored-by: Nico <njcrypted@protonmail.com> Co-authored-by: Joao A. Candido Ramos <joao.candido@etu.unige.ch>
|
@benbusby Facing the same issue with 0.7.3. Any solution? |
Hello, I am using a local instance of Whoogle. Navigating the to the page http://localhost:5000/ Works completely fine, but if I try accessing it from my startpage: https://fxzzi.github.io/startpage/ It sends me to the link http://localhost:5000/?cookies_disabled=1
This occurs on Firefox and Librewolf. I am not sure whether it's a problem with Whoogle or Librewolf.
The text was updated successfully, but these errors were encountered: