mirror of
https://github.com/TryGhost/Ghost.git
synced 2024-12-21 09:52:06 +03:00
01d0b2b304
ref https://linear.app/tryghost/issue/KTLO-1/members-spam-signups - Some customers are seeing many spammy signups ("hundreds a day") — our hypothesis is that bots and/or email link checkers are able to signup by simply following the link in the email without even loading the page in a browser. - Currently new members signup by clicking a magic link in an email, which is a simple GET request. When the user (or a bot) clicks that link, Ghost creates the member and signs them in for the first time. - This change, behind an alpha flag, requires a new member to click the link in the email, which takes them to a new frontend route `/confirm_signup/`, then submit a form on the page which sends a POST request to the server. If JavaScript is enabled, the form will be submitted automatically so the only change to the user is an extra flash/redirect before being signed in and redirected to the homepage. - This change is behind the alpha flag `membersSpamPrevention` so we can test it out on a few customer's sites and see if it helps reduce the spam signups. With the flag off, the signup flow remains the same as before. |
||
|---|---|---|
| .. | ||
| __snapshots__ | ||
| announcement.test.js | ||
| create-stripe-checkout-session.test.js | ||
| donation-checkout-session.test.js | ||
| feedback.test.js | ||
| middleware.test.js | ||
| recommendations.test.js | ||
| send-magic-link.test.js | ||
| signin.test.js | ||
| site.test.js | ||
| webhooks.test.js | ||
| well-known.test.js | ||