DuckDuckGo URL search uses GET method
Categories
(Firefox :: Search, enhancement)
Tracking
()
People
(Reporter: nofof51235, Unassigned)
Details
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
Steps to reproduce:
If you search DDG using the URL bar, you would expect a POST method as it happens on their website.
Actual results:
Query gets stored in the URL, resulting in GET method. If you search again using the actual DDG website form, it uses the more secure POST method.
Expected results:
It should use the POST method, just as it does on DDG's own website, for consistency and enhanced security.
|
Reporter | |
Comment 1•4 years ago
|
||
As for the version of FF not matching my user agent: I tried the newest one and the problem is still there.
|
||
Comment 2•4 years ago
|
||
| workaround | ||
(In reply to Kamil Moner from comment #0)
POST method as it happens on their website.
GET is the default. You only get POST if you disable GET on the settings page.
You can left-click one of the following engines on the Mycroft Project to install it:
While you have GET disabled on the settings page, you can also right-click the search field and choose Add a Keyword for this Search… but the resulting search bookmark can't be set as a default search engine.
|
||
Comment 3•4 years ago
|
||
So from a security perspective POST requests are no more secure than GET requests, some people do prefer POST for the privacy preferences of not having the search term exposed in the url, but that has tradeoffs including as mentioned not being able to bookmark or share urls etc
Users have to manually set duckduckgo to use POST requests they use GET by default, similiarly with our default it is GET by default and users can optionally use the above link to install one that does a POST, https://duckduckgo.com/lite/also uses POST
Description
•