Bug #2553
closed
Can't post comments with jetpack enabled
Description
Not sure if this is a new problem or something that has existed for some time, but with the jetpack plugin enabled, the comments system won't work if a user is not logged in with a commons account. The plugin replaces the built-in comment system with a multiple system (wordpress.com, facebook, etc.) login and if a user is logged in to anything other than the commons, hitting submit displays an error page with the text, "You are seeing this message because you have attempted to log into the CUNY Academic Commons using an unauthorized automated access method." (see attached screenshot, taken from http://studyofreligion.gc.cuny.edu)
Disabling jetpack or disabling the comments functionality of jetpack (which takes some digging through the jetpack interface to accomplish) both solve this problem, but the multiple login functionality of the jetpack comment system is actually quite nice so it's a shame to have to disable it.
Updated by Matt Gold over 11 years ago
- Category name set to WordPress (misc)
- Status changed from New to Assigned
- Assignee set to Boone Gorges
- Severity set to Low impact
Updated by Boone Gorges over 11 years ago
- Assignee changed from Boone Gorges to local admin
- Target version set to 1.4.27
This is due to some changes recently made on the Commons to prevent spam and other sorts of attacks on the site.
André, it looks like Jetpack works by hijacking (benevolently) the comment form, processing the user-submitted comment on their remote servers, and then beaming the comment back via POST request to wp-comments-post.php. That means that I need to whitelist their domain in my .htaccess rule. Could you please do me a favor and grep over the access logs for the past month or so, looking for POST requests to wp-comments-post.php? I'm pretty sure that the only domain I need to whitelist is jetpack.wordpress.com, but I want to glance at the relevant logs to be sure.
Updated by local admin over 11 years ago
Boone, the default log format doesn't capture originating domain, only IP address. Here are some typical entries:
172.255.81.94 - - [01/May/2013:13:54:43 -0400] "POST /wp-comments-post.php HTTP/1.0" 500 5588
96.47.225.82 - - [01/May/2013:13:54:47 -0400] "POST /wp-comments-post.php HTTP/1.1" 500 5508
186.4.110.36 - - [01/May/2013:13:55:03 -0400] "POST /wp-comments-post.php HTTP/1.1" 500 5476
37.59.76.162 - - [01/May/2013:13:55:06 -0400] "POST /wp-comments-post.php HTTP/1.0" 500 5394
142.0.139.189 - - [01/May/2013:13:55:22 -0400] "POST /wp-comments-post.php HTTP/1.0" 500 7246
142.0.139.189 - - [01/May/2013:13:55:35 -0400] "POST /wp-comments-post.php HTTP/1.0" 500 7188
142.0.139.189 - - [01/May/2013:13:55:41 -0400] "POST /wp-comments-post.php HTTP/1.0" 500 7265
142.0.139.189 - - [01/May/2013:13:55:41 -0400] "POST /wp-comments-post.php HTTP/1.0" 500 7255
182.52.119.152 - - [01/May/2013:13:55:42 -0400] "POST /wp-comments-post.php HTTP/1.0" 500 5355
142.0.139.189 - - [01/May/2013:13:55:49 -0400] "POST /wp-comments-post.php HTTP/1.0" 500 7366
142.0.139.189 - - [01/May/2013:13:55:53 -0400] "POST /wp-comments-post.php HTTP/1.0" 500 7250
142.0.139.189 - - [01/May/2013:13:56:04 -0400] "POST /wp-comments-post.php HTTP/1.0" 500 7308
77.120.242.3 - - [01/May/2013:13:56:16 -0400] "POST /wp-comments-post.php HTTP/1.1" 500 5821
142.0.139.189 - - [01/May/2013:13:56:20 -0400] "POST /wp-comments-post.php HTTP/1.0" 500 7180
219.224.101.81 - - [01/May/2013:13:56:50 -0400] "POST /wp-comments-post.php HTTP/1.0" 500 6098
142.0.139.189 - - [01/May/2013:13:56:54 -0400] "POST /wp-comments-post.php HTTP/1.0" 500 7189
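An added example, not part of the original ticket or the Commons code base: a shell function for the log review requested above, counting POSTs to wp-comments-post.php per client IP, status and Referer host. It assumes Apache common or combined log format; the function names and the sample lines are constructed for illustration, and the Referer column stays "-" for common-format entries like the ones quoted in this comment.

```shell
#!/bin/sh
# Added example: summarise POSTs to wp-comments-post.php from an Apache access log.
# Output lines: "<count> <client-ip> <status> <referer-host>", busiest first.
comment_post_sources() {
    awk -F'"' '
    {
        # Field 2 (between the first pair of quotes) is "METHOD PATH PROTOCOL".
        n = split($2, req, " ")
        if (n < 2 || req[1] != "POST") next
        path = req[2]
        sub("[?].*", "", path)                       # ignore any query string
        if (path !~ "/wp-comments-post[.]php$") next

        split($1, pre, " ");  ip = pre[1]            # client address (%h)
        split($3, post, " "); status = post[1]       # response status (%>s)

        # Combined format adds a quoted Referer as field 4. Common format
        # ends after the byte count (NF is 3), so no origin can be recovered.
        ref = "-"
        if (NF >= 5 && $4 != "" && $4 != "-") {
            ref = $4
            sub("^[a-zA-Z]+://", "", ref)            # drop the scheme
            sub("[/:?#].*", "", ref)                 # keep the host only
        }
        seen[ip " " status " " ref]++
    }
    END { for (k in seen) print seen[k], k }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample input (documentation-range IPs), mixing both log formats.
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [01/May/2013:13:54:43 -0400] "POST /wp-comments-post.php HTTP/1.0" 500 5588
192.0.2.10 - - [01/May/2013:13:54:50 -0400] "POST /wp-comments-post.php HTTP/1.0" 500 5590
198.51.100.7 - - [01/May/2013:13:55:03 -0400] "POST /wp-comments-post.php HTTP/1.1" 200 312 "http://jetpack.wordpress.com/" "Mozilla/5.0"
198.51.100.7 - - [01/May/2013:13:55:09 -0400] "GET /wp-comments-post.php HTTP/1.1" 405 0 "-" "Mozilla/5.0"
203.0.113.5 - - [01/May/2013:13:55:12 -0400] "POST /wp-login.php HTTP/1.1" 200 1200 "-" "Mozilla/5.0"
EOF
}

sample_log | comment_post_sources
```

The Referer header is supplied by the client, so the last column helps decide which origins legitimate comment traffic reports; it does not prove where a request came from.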
Updated by Boone Gorges over 11 years ago
- Assignee changed from local admin to Boone Gorges
Oh, ok. I will contact my folks at Automattic to see if I can get it straight from the horse's mouth. Thanks, André.
Updated by Boone Gorges over 11 years ago
- Status changed from Assigned to Hold
I've added jetpack.wordpress.com to the whitelist in https://github.com/castiron/cac/commit/bcedf1f9918e92ea57bc16798c1188adffbfc1bd. I will check to be sure that this fixes the issue after deployment.
Updated by Boone Gorges over 11 years ago
- Status changed from Hold to Resolved
The fix is live and confirmed working. Thanks for your patience.