User unable to register - gets "Forbidden" message
Hi - This is an issue coming from Zendesk. User is trying to register for the Commons and is getting a "Forbidden" message. See attached. She is using a cell phone.
#1 Updated by Boone Gorges over 4 years ago
- Status changed from New to Reporter Feedback
Hi Scott - Thanks for the report. Did the user provide any information about exactly how the error was arrived at? Specifically, how did the user first get to the Register page? The Forbidden message is a spam-prevention tool that should only be triggered when the registration form is submitted without first visiting another page on the Commons; is it possible that the user navigated directly to https://commons.gc.cuny.edu/register/ without first visiting another page? (If this is in fact what happened, I still consider it a bug, but knowing one way or the other will help narrow down where to start looking.)
Additionally, it'd be helpful to know whether the user has any non-default settings in the device's browser. Specifically, any settings that prevent the browser from accepting cookies from the Commons have the potential to cause an error like this.
#3 Updated by Boone Gorges over 4 years ago
Thanks, Scott. Let me know what you hear back.
For my own notes: our cookie-based blocking technique doesn't block only POST, but any visit to /register/ that doesn't contain the proper cookie. Perhaps this should be revisited, since the initial GET request would set the cookie on a normal visit.
#4 Updated by Boone Gorges over 4 years ago
- Target version set to Not tracked
Hi Scott - Did you ever hear back from this user?
I'm a bit concerned that this issue pops up more frequently than we hear about, because users who run into the problem simply give up and walk away. I'm going to loosen the restriction, so that only POST requests are blocked. https://github.com/cuny-academic-commons/cac/commit/f32c1f7f0f0b30b3db5a997c2d45be87cd60e3f4
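The two gate policies discussed in this thread (block any cookieless visit to /register/ versus block only cookieless POSTs), replayed over constructed request sequences. This is an added example, not code from the Commons repository or the linked commit; the cookie name, the `Client` model and the assumption that every served page sets the cookie are hypothetical.

```python
# Added illustration; cookie name, paths and handler are hypothetical,
# not taken from the Commons code base.
from dataclasses import dataclass, field

GATE_COOKIE = "visited"        # hypothetical cookie name
REGISTER_PATH = "/register/"


@dataclass
class Client:
    """Minimal browser model: a cookie jar that may refuse cookies."""
    accepts_cookies: bool = True
    jar: dict = field(default_factory=dict)


def handle(method, path, cookies, post_only):
    """Return (status, cookies_to_set) for one request under the chosen policy."""
    has_cookie = GATE_COOKIE in cookies
    if path == REGISTER_PATH and not has_cookie:
        # Strict policy: every cookieless hit on the form is refused.
        # Loosened policy: only a cookieless form submission is refused.
        if method == "POST" or not post_only:
            return 403, {}
    # Assumption: any page that is actually served sets the gate cookie.
    return 200, {GATE_COOKIE: "1"}


def browse(client, requests, post_only):
    """Replay (method, path) pairs through the gate; return the status codes."""
    statuses = []
    for method, path in requests:
        status, set_cookie = handle(method, path, client.jar, post_only)
        if client.accepts_cookies:
            client.jar.update(set_cookie)
        statuses.append(status)
    return statuses


# Constructed request sequences.
DIRECT = [("GET", REGISTER_PATH), ("POST", REGISTER_PATH)]      # bookmark or emailed link
VIA_HOME = [("GET", "/"), ("GET", REGISTER_PATH), ("POST", REGISTER_PATH)]
BOT = [("POST", REGISTER_PATH)]                                 # submits without loading a page

if __name__ == "__main__":
    for name, seq in [("direct", DIRECT), ("via home", VIA_HOME), ("bot", BOT)]:
        for post_only in (False, True):
            print(name, f"post_only={post_only}", browse(Client(), seq, post_only))
    print("cookies off", browse(Client(accepts_cookies=False), DIRECT, True))
```

Under the POST-only policy a direct visit succeeds while a bare POST is still refused; a browser that rejects the cookie is refused at submission under either policy.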