Bug #16499
closed
Registration page 403 error
Added by Colin McDonald over 2 years ago.
Updated over 1 year ago.
Description
A professor's reported hitting somewhat regular 403 errors on the /register page, and her students have as well. See attached. Any idea what could be causing this?
Files
We have some spam-prevention rules in place that forbid access to https://commons.gc.cuny.edu/register/ when you don't a particular cookie. This cookie is set when you visit any other Commons page. As such, if you try to visit https://commons.gc.cuny.edu/register/ directly via a link, never having visited the Commons before, you might see this error.
You could also see it if your browser has extremely strict rules about accepting cookies, though I'd be surprised if this were the case for a large number of students.
Ray, I wonder if it's worth revisiting this rule. Browser cookie policies have become more strict over time, and I wonder if it's becoming more likely that we'll incorrectly trigger 403s of this sort. What do you think?
Browser cookie policies have become more strict over time, and I wonder if it's becoming more likely that we'll incorrectly trigger 403s of this sort. What do you think?
More browsers are now disabling third-party cookies. However, the cookie that we check at registration is a first-party cookie. Meaning the majority of users should be okay except those blocking all cookies from being saved. For the latter, this would be a very, small number if I had to guess.
However, it is much more likely for users to have adblockers with the EasyPrivacy filter list enabled. That filter list has a rule, which will block the registration cookie from being saved. See #15685, #11078 for previous instances.
We had had this same problem in May -
At the time, I wrote:
Our dev team says:
I've ran into this before. The problem is with an adblock filter list:
They are blocking the Cookies for Comments asset needed to set the anti-spam cookie.
Tell the user to disable the Fanboy Annoyance List to workaround this.
the user is probably using uBlock Origin or Adblock Plus.
Can you tell the user to uncheck the "Easylist Cookie" and "Fanboy's Annoyance" filter lists in their adblocking extension?
- Status changed from New to Resolved
- Target version set to Not tracked
Marking this ticket resolved due to inactivity.
Also available in: Atom
PDF