I am very much not a developer, so please excuse and point out any silly stuff
I use the HTML variant of DuckDuckGo available at https://html.duckduckgo.com/html/. I added the search engine by going to the aforementioned URL and right-clicking in the address bar and adding the search engine. As of the recent version 2.2.0 Vimium seems to be using search.query() to perform a search using the browser’s default search engine.
Interestingly, this broke the search functionality for me. I looked into it a bit and reported the issue on the Vimium issue tracker, where the kind GitHub user philg-dev took the time to investigate.
They came to the conclusion that what’s probably going on is that as the DuckDuckGo HTML and Lite variants specify POST as the request method in their OpenSearch description the “POST requests through Vimium result in failure due to the Content Security Policy, since Vimium’s Vomnibar sends an HTTP POST request with Origin: moz-extension://964d1f78-8013-445f-b3d0-4cace47a2eb4, which obviously doesn’t align with anything that is defined in DDG’s CSP.”
As I’ve mentioned I am no developer, so I’m very unsure, but I feel like perhaps this isn’t how it’s supposed to be? My impression is that search.query() is supposed to allow to perform a search just like the browser would. Of course, I might be very wrong!
Is there nothing that may be improved on the side of the browser? Is this just how it is and should be and the DuckDuckGo HTML and Lite variants should use GET requests if they want this use case to work?
Anyway, I’m very curious to hear any thoughts on this matter.
A workaround is to change/remove the Origin header with declarativeNetRequest.
But I don’t know if this is a clean solution - maybe there’s a better one.
Vimium doesn’t even have to do this itself.
It’s enough to install the attached extension.
This strikes me as a Firefox bug. I double checked the OpenSearch declaration embeded on https://html.duckduckgo.com/html and verified that it explicitly declares it uses a POST method.