Block multiple form submits on application form. #4452
Conversation
frjo
added
Type: Enhancement
|
That's super strange, I tried network throttling in Firefox but couldn't replicate. Maybe I should also try it in Safari. I think this solution is nice! Do you think any server side validation would be worthwhile to add a hurdle to some spam attacks? Seems like something like this would be easy to script just based off this bug |
|
I added the following to stop some spam years back: hypha/hypha/static_src/javascript/application-form.js Lines 57 to 80 in 31fb7e4 This code stops some scripts from posting since you need to move mouse/press key/touch screen before you can submit form. Do you have more ideas how to limit spam postings? |
|
I was thinking maybe a server side submit cooldown and a daily submission limit but that's out of scope of this PR, this fix seems good to me for this! |
|
Yes, this is a quick fix. For logged in users we could definitely add a check to warn/block them from submitting more than one application to each round/lab per hour or so. We should also alert users if they have a draft belonging to a round/lab when they visit the application form. |
wes-otf
added
Status: Tested - approved for live ✅
and removed
Status: Needs testing
Fixes #4348
Before this js snippet it was possible on a slow network to post a application form multiple times by rapidly clicking the submit button multiple times.
Would be neat to use aplinejs for this everywhere but it interfere with the current "unlockApplicationForm" feature that we use to block some spam.
Test Steps