Thank you, that helped :)

I am not entirely sure why you need to do all that but I am trying a different approach and allowing a small entrypoint to set PGID and PUID (which you should be able to set as env variables in the docker-compose.yml file).

This should allow you to run the app as whatever user you wish. It works for me locally, it’s currently on the develop image if you wanna give it a spin and report back. Otherwise it’ll be added in the next release.

Defaults are still 1000:1000.

Hey sorry for the delay, dealing with a lot right now, but I didn’t forget about it.

1 - Fixed this, the api key is now only forwarded if the destination hostname matches the plugin’s stored url. 2 - As I was saying, the allowlist is opt-in by design (null = allow all), and plugins legitimately need to make arbitrary outbound requests. Enforcing it globally would break the plugin system. 3 - Fixed this, it was quite simple 4 - I have added an env var (DEGOOG_DISTRUST_PROXY), if set to true it’ll make it so all users share the same rate limit regardless of their IPs, I left it as an opt in as most users currently running it are only keeping it private behind their own in house reverse proxies. This will be handy for a public instance for example 5 - Extension settings modal now correctly sends x-settings-token on save. 6 - As I said, auth is intentionally lax until a more structured auth system is added, may need to be a few weeks after stable is live, after all there’s no real auth and the setting password protected and private view should be secure enough as it is

btw all this is not live yet, it’ll be sent live with the next release ♥

Madness, wasn’t expected to get any coverage for it until it was out of beta 😆

Thanks, I’ll individually look into all of these ♥️ I’ll say some of them are more conscious compromises for the sake of an open scalable system where third party extensions can truly edit anything (intentionally) and everything around Auth/secure cookie is also fairly lax due to the fact the Auth is just a protection for the settings (which literally stop the settings from being served by the client), in the moment I decide to add some more structured Auth system/maybe users I’ll look into proper secure cookie handling.

This is an awesome report, thank you so much for sharing it!!!

degoog Dev here, definitely not vibecoded. Would you be able to tell me all these whack of privacy issues? I thought I had everything covered, but if you found something concerning it’d be nice to know before I get it out of beta :)

Hey, not sure what you mean, it works perfectly fine as rootless. Are you using docker or podman? Someone else had this issue with podman and we couldn’t figure out why it was different for them.

Everyone else is running this as user 1000, which is what the standard compose requires?

YES please, if you could let me know if you figure this one out it’d be great, especially if it’s due to podman so I can send a message in my discord for the other user who was struggling with it :)

Aw thank you so much for giving it a try and leaving such a nice feedback ♥️ I am searching in a slightly different way than searxng, can’t promise it’ll work forever but for now it seems to be doing the trick ♥️ I have some more improvements to the search system coming with the next release as Bing does get blocked quite often for me.

P.s. have you been using any extensions? If so what’s your fave so far? Haha

Hi, this needs to be selfhosted in order for you to use it, it’s not an app :) You can definitely use it from IOS once you have it running tho

Hey thank you!

The issue with GitHub alternatives is the lack of runners/pipelines and restricting functionalities.

Gitlab is a good alternative but I use it for work and having two accounts juggling between work/personal projects is a recipe for disaster.

I spent a bit of time on codeberg and I am checking it out, happy to push the repo there too, but they don’t seem to provide pipeline options, so I wouldn’t be able to build the docker image there like I do on GitHub :)

Btw whilst I do believe into the whole Microsoft scraping projects to train AI regardless of licenses, I wouldn’t say they are hostile towards open source. They actually are extremely for it, vscode is free and one of the best IDEs out there for example, GitHub free plan is VERY generous and they have a whole FREE coding academy with extremely in-depth courses on how to learn programming and various niche topics. And they integrated wsl to seamlessly run Linux commands within windows, which I never thought I’d see happen (been there for years, but I’m just giving you examples).

I can see a dogdog theme about to happen 🤣

Yaaas! Let me know how you get on with it ♥️

YES! Customisation is the main reason why I went out of my way to build it, and other stuff I listed in another comment in the thread :)

Thank you, if you ever end up making a store with your own plugins/themes and so on just lemme know and I’ll add it to the repo, it’d be cool to have a list of available stores already in the beta version, so when I go out of beta it’ll feel like a much more mature product <3