mirror of https://github.com/TryGhost/Ghost.git
synced 2024-12-25 03:44:29 +03:00
01d0b2b304
ref https://linear.app/tryghost/issue/KTLO-1/members-spam-signups

- Some customers are seeing many spammy signups ("hundreds a day") — our hypothesis is that bots and/or email link checkers are able to sign up by simply following the link in the email without even loading the page in a browser.
- Currently new members sign up by clicking a magic link in an email, which is a simple GET request. When the user (or a bot) clicks that link, Ghost creates the member and signs them in for the first time.
- This change, behind an alpha flag, requires a new member to click the link in the email, which takes them to a new frontend route `/confirm_signup/`, then submit a form on the page which sends a POST request to the server. If JavaScript is enabled, the form will be submitted automatically so the only change to the user is an extra flash/redirect before being signed in and redirected to the homepage.
- This change is behind the alpha flag `membersSpamPrevention` so we can test it out on a few customers' sites and see if it helps reduce the spam signups. With the flag off, the signup flow remains the same as before.

| Name |
|---|
| content |
| core |
| test |
| .c8rc.e2e.json |
| .c8rc.json |
| .eslintignore |
| .eslintrc.js |
| .npmignore |
| config.development.json |
| ghost.js |
| index.js |
| jsconfig.json |
| loggingrc.js |
| MigratorConfig.js |
| monobundle.js |
| package.json |
| playwright.config.js |