Registration page 403 error
A professor's reported hitting somewhat regular 403 errors on the /register page, and her students have as well. See attached. Any idea what could be causing this?
Updated by Boone Gorges over 1 year ago
We have some spam-prevention rules in place that forbid access to https://commons.gc.cuny.edu/register/ when you don't a particular cookie. This cookie is set when you visit any other Commons page. As such, if you try to visit https://commons.gc.cuny.edu/register/ directly via a link, never having visited the Commons before, you might see this error.
You could also see it if your browser has extremely strict rules about accepting cookies, though I'd be surprised if this were the case for a large number of students.
Ray, I wonder if it's worth revisiting this rule. Browser cookie policies have become more strict over time, and I wonder if it's becoming more likely that we'll incorrectly trigger 403s of this sort. What do you think?
Updated by Raymond Hoh over 1 year ago
Browser cookie policies have become more strict over time, and I wonder if it's becoming more likely that we'll incorrectly trigger 403s of this sort. What do you think?
More browsers are now disabling third-party cookies. However, the cookie that we check at registration is a first-party cookie. Meaning the majority of users should be okay except those blocking all cookies from being saved. For the latter, this would be a very, small number if I had to guess.
However, it is much more likely for users to have adblockers with the EasyPrivacy filter list enabled. That filter list has a rule, which will block the registration cookie from being saved. See #15685, #11078 for previous instances.
Updated by Marilyn Weber over 1 year ago
We had had this same problem in May -
At the time, I wrote:
Our dev team says:
I've ran into this before. The problem is with an adblock filter list:
They are blocking the Cookies for Comments asset needed to set the anti-spam cookie.
Tell the user to disable the Fanboy Annoyance List to workaround this.
the user is probably using uBlock Origin or Adblock Plus.
Can you tell the user to uncheck the "Easylist Cookie" and "Fanboy's Annoyance" filter lists in their adblocking extension?