Project

General

Profile

Actions
Copy link

Bug #7625

closed

User unable to register - gets "Forbidden" message

Added by scott voth about 7 years ago. Updated over 6 years ago.

Status:
Resolved
Priority name:
Normal
Assignee:
-
Category name:
Registration
Target version:
Not tracked
Start date:
2017-02-05
Due date:
% Done:

0%

Estimated time:
Deployment actions:

Description

Hi - This is an issue coming from Zendesk. User is trying to register for the Commons and is getting "Forbidden" message. See attached. She is using a cell phone.

Files

forbidden.png (42.8 KB) forbidden.png scott voth, 2017-02-05 01:17 PM
Actions
Copy link
 #1

Updated by Boone Gorges about 7 years ago

  • Status changed from New to Reporter Feedback

Hi Scott - Thanks for the report. Did the user provide any information about exactly how the error was arrived at? Specifically, how did the user first get to the Register page? The Forbidden message is a spam-prevention tool that should only be triggered when the registration form is submitted without first visiting another page on the Commons; is it possible that the user navigated directly to https://commons.gc.cuny.edu/register/ without first visiting another page? (If this is in fact what happened, I still consider it a bug, but knowing one way or the other will help narrow down where to start looking.)

Additionally, it'd be helpful to know whether the user has any non-default settings in the device's browser. Specifically, any settings that prevent the browser from accepting cookies from the Commons have the potential to cause an error like this.

Actions
Copy link
 #2

Updated by scott voth about 7 years ago

Hi Boone - When she first reported the issue I sent her the direct link - so she probably did not visit another Commons page. But on the initial time, she access it via main page. I have asked about her brower settings.

Actions
Copy link
 #3

Updated by Boone Gorges about 7 years ago

Thanks, Scott. Let me know what you hear back.

For my own notes: our cookie-based blocking technique doesn't block only POST, but any visit to /register/ that doesn't contain the proper cookie. Perhaps this should be revisited, since the initial GET request would set the cookie on a normal visit.

Actions
Copy link
 #4

Updated by Boone Gorges about 7 years ago

  • Target version set to Not tracked

Hi Scott - Did you ever hear back from this user?

I'm a bit concerned that this issue pops up more frequently than we hear about, because users who run into the problem simply give up and walk away. I'm going to loosen the restriction, so that only POST requests are blocked. https://github.com/cuny-academic-commons/cac/commit/f32c1f7f0f0b30b3db5a997c2d45be87cd60e3f4

Actions
Copy link
 #5

Updated by Boone Gorges over 6 years ago

  • Status changed from Reporter Feedback to Resolved

Haven't heard back, so I'm assuming it's not a huge issue anymore.

Actions
Copy link

Also available in: Atom PDF