The CSP is safety belt to make sure the user query is not sent to a third party: I prefer to keep it and implement searxng/searxng#140

I agree with alex 👍

Yes, searxng/searxng#140 is a much better solution ... this PR can only be a workaround for an intermediate solution ... @dalf it's up to you, if you think we better should not merge such a workaround, please close this PR. Since I don't use docker myself this should only be a suggestion / For me it would be fully OK to close the PR.

I prefer to implement the double redirect as described by @sevmonster and keep the CSP header as it is.

The issue is not about Docker: the CSP header should be set in all SearXNG instances. Also, the installation scripts should set them in the same way ( = not third party can received the query).

[EDIT] there is no need to update the installation scripts ; we "just" need to implement searxng/searxng#140