Show an error page when click track fails

riking · March 9, 2018, 4:51pm

Continuing the discussion from Linkify words in post, theme component:

The click track / topic link extraction code has had more than its fair share of bugs in the past, and it’s past due to come up with a mitigation so that the next of these bugs to come up doesn’t completely break people’s experience.

When it can’t identify the link in the post, show a page that lets people (1) still visit links even if something’s messing with the click tracking system and (2) also prevents the forum from being used as an open redirect.

An apologetic interstitial, with the forum branding (layout: no_ember) and in a style reminiscent of Chrome’s SSL error pages, should be fine.

At a code level, the problem is the conflation of the two conditions here. If redirect=false is specified, the link was opened in a new tab and this was fetched in the background. But if @redirect_url is blank, the code couldn’t verify the link and should really show an error message instead of absolutely nothing.

https://github.com/discourse/discourse/blob/7f69362/app/controllers/clicks_controller.rb#L20-L26

codinghorror · March 9, 2018, 8:59pm

Maybe cook up a PR here?

sam · March 9, 2018, 10:03pm

Yeah this does happen quite a lot, it should be pretty explicit here

An attempt was made to track a link that does not exist in any post. Perhaps this post needs rebaking or a plugin needs to whitelist link.

I am not certain we want to even keep this error

riking · March 9, 2018, 10:09pm

Some kind of interstitial is needed, otherwise someone can make a link like https://meta.discourse.org/clicks/track?url=https%3A%2F%2Fmeta.discourse.org%2Fclicks%2Ftrack%3Furl%3Dsteam%3A%2F%2Funinstall%2F440 and it looks like a normal URL but actually uninstalls a game from Steam. (“Preventing open redirects”.)

I’ll try to get my laptop set back up this weekend

zogstrip · March 14, 2018, 8:20pm

I’ll have a look at this later this week unless you beat me to it

riking · March 15, 2018, 5:20am

Yeah my laptop failed to power on once or twice and so I’m a little wary of doing work other than “take a backup” on it.

It’s still the one I got four years ago!

zogstrip · March 16, 2018, 11:33pm

No more white page of doom

https://github.com/discourse/discourse/commit/89f5c90ce0923fd9b8d8464a43582aeb274d1c32

Topic		Replies	Views
Click counter missing for some internal links Bug click-counter	30	3684	December 7, 2018
Clicking links is stuck in click tracking, shows ERR_FAILED Support subfolder	16	4003	April 6, 2018
Clicktracking breaks links Bug	3	802	May 3, 2016
Removing title from URL breaks links Support	25	2168	July 3, 2019
Notify user of a broken URL in their Topic Feature	2	428	July 4, 2023

Show an error page when click track fails

Related topics