Labels Milestones

New Issue

Requiring a manual button click before confirmation #12

Closed

opened 5 years ago by jonas · 3 comments

jonas commented 5 years ago

This is really stupid, but it seems as if Outlook (and possibly other mail clients) either pre-fetch web pages linked from an email, or send the links to Bing for indexing. See this Stackoverflow question:

https://stackoverflow.com/questions/41699071/bingpreview-invalidates-one-time-links-in-email

What this means is someone using Outlook might receive our confirmation mail, but when they click the link, Bing has already hit the link which makes them receive a 404, since the confirmation link is no longer valid. We can purposefully deny Bing any access here, which seems sensible, but the long-term answer is probably to change our logic.

When someone clicks the link, they should be greeted with a web page on which they must click a button to proceed. And that button should be linked with rel="nofollow" or similar, but I'm honestly not sure if that actually prevents web crawlers from clicking that button!

This is really stupid, but it seems as if Outlook (and possibly other mail clients) either pre-fetch web pages linked from an email, or send the links to Bing for indexing. See this Stackoverflow question: https://stackoverflow.com/questions/41699071/bingpreview-invalidates-one-time-links-in-email What this means is someone using Outlook might receive our confirmation mail, but when they click the link, Bing has already hit the link which makes them receive a 404, since the confirmation link is no longer valid. We can purposefully deny Bing any access here, which seems sensible, but the long-term answer is probably to change our logic. When someone clicks the link, they should be greeted with a web page on which they must click a button to proceed. And that button should be linked with rel="nofollow" or similar, but I'm honestly *not sure* if that actually prevents web crawlers from clicking that button!

max.mehl added the

prio:mid

label 4 years ago

max.mehl commented 3 years ago

Owner

As we were discussing in reuse/api#10, it would be good if each application could have an optional "name" value which could be displayed on the confirmation page. This way, even if forms is generally FSFE branded, people coming from external pages like PMPC or REUSE could see that they actually sign up for what they came for.

As we were discussing in https://git.fsfe.org/reuse/api/issues/10, it would be good if each application could have an optional "name" value which could be displayed on the confirmation page. This way, even if forms is generally FSFE branded, people coming from external pages like PMPC or REUSE could see that they actually sign up for what they came for.

max.mehl changed title from Stop Bing (and others) from hitting the URLs, by enforcing a click to Requiring a manual button click before confirmation 12 months ago

max.mehl commented 12 months ago

Owner

We've received word that Microsoft 365 Outlook servers do the same. So this seems to be a more wide-spread issue. Increasing the prio therefore.

We've received word that Microsoft 365 Outlook servers do the same. So this seems to be a more wide-spread issue. Increasing the prio therefore.

max.mehl added

prio:high

and removed

prio:mid

labels 12 months ago

max.mehl referenced this issue from fsfe-system-hackers/fsfe-cd 7 months ago

One-time login links invalidated by some providers/antivirus #129

florian.vuillemot was assigned by max.mehl 3 months ago

linus referenced this issue from fsfe-system-hackers/fsfe-cd 3 months ago

WIP: hotfixing invalidated login links #158

reinhard referenced a pull request from fsfe-system-hackers/fsfe-cd that will close this issue 3 months ago

WIP: hotfixing invalidated login links #158

linus referenced this issue from fsfe-system-hackers/fsfe-cd 3 months ago

fixing invalidated login links #159

linus referenced a pull request from fsfe-system-hackers/fsfe-cd that will close this issue 3 months ago

WIP: hotfixing invalidated login links #158

reinhard referenced this issue from fsfe-system-hackers/fsfe-cd 3 months ago

WIP: hotfixing invalidated login links #158

linus referenced this issue from fsfe-system-hackers/fsfe-cd 3 months ago

WIP: hotfixing invalidated login links #158

max.mehl referenced this issue 2 months ago

Requiring a click to confirm the ID #71

max.mehl commented 2 months ago

Owner

Fixed by #71

Fixed by #71

max.mehl closed this issue 2 months ago

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

master

migration-to-cont2-noris

renovate/redis-7.x

Labels

Apply labels

Clear labels

bug duplicate enhancement help wanted invalid prio:high prio:low prio:mid question wontfix

No Label bug duplicate enhancement help wanted invalid prio:high prio:low prio:mid question wontfix

Milestone

Set milestone

Clear milestone

No items

No Milestone

Assignees

Assign users

Clear assignees

No Assignees

florian.vuillemot

2 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

This issue currently doesn't have any dependencies.

Write Preview

Loading…

Cancel

Save

There is no content yet.