Two questions about adding search engines on iOS

  1. Why is it that I cannot add a search engine that is running over http instead of https? I have a local docker container running SearXNG and it exposes the web interface over HTTP instead of HTTPS. This container is not exposed to the internet.
  2. Why can I add a search engine for normal tab, but not for private tab?

@Mattches would you have any ideas on this? I just went to test on my iPhone and can confirm that when we go to add custom search engine, it doesn’t let you delete or edit the https:// portion, all you can do it type after. Then whatever you add for custom search is only accessible on the Standard Tab setting, but not on the Private Tab.

1 Like

@Toontje,
Do you have the Upgrade connections to HTTPS protection enabled in Shields?

You should be able to add/change search engines for Private tabs just the same way you do standard tabs — Menu --> Settings --> Search Engines --> Private tabs:

Oh I see — I misread this issue, my apologies. Taking another look now.

@Toontje,
So it looks like this actually is intentional on both accounts:

Both were requested by security. That said, I think we’re taking a second look at the custom search engines in private mode implementation and reconsidering. Will link the issue to that when we have it.

1 Like

What is the security reason behind this decision? Because to me it makes sense that if you add a custom search engine, you would want that search engine to work across the board.
What about the mandatory https issue?

I believe the idea is actually to ensure that nothing in “normal”/“standard” browsing mode has any effect on Private browsing — ensuring as little data crossover whatsover. However, as I said preivously:

I am not sure of the exact reason but I assume its simply because HTTPS is more secure than HTTP — plain and simple. HTTP requests are typically sent unencrypted and can be read by anyone who is interested and knowledgable enough to do so. HTTPS encrypts any HTTP requests (and responses) so that it can not be read be an observer, should they be watching this data.

I understand the reason for https over http, but if i explicitly want http for whatever reason, i should be able to use that, right? Isn’t this all about freedom of choice?
So on iOS this is what happens:

Search engine is set to http (you cannot do this straight from the iOS browser, but you can do it on the Mac and then sync the setting :wink:).
Shield for this site is off, so the connection should not be upgraded to https.
Still Brave iOS wants to access the site over https. I think this is a bug. On Mac this works as expected so the “We don’t do HTTP because HTTPS is more secure” doesn’t hold up.

Bug?

BTW, also mentioned here: Disable https ons site-by-site basis

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.