No, I can not, sorry about the confusion. Just saying that asking for a repro on meta (or using incognito) won’t work, since (in my case) it was related to stored passwords.
When you say “stored passwords” do you mean stored through Chrome or some third party plugin? Because I use the built in Chrome password storage and I’ve never seen any issues.
1 Like
I too am having this issue, unfortunately. New to discourse myself and was testing the sign up feature on my new forum to make sure that the activation emails were going through OK when I was presented with this very issue.
I tried turning off uBlockOrigin and Adblocker Pro. I’m not sure if this could be SessionBuddy or BitWarden - All of which are chrome plug-ins I have installed.
Funny enough, to make this comment, I had to sign up for this forum. I was presented with the exact same problem and had to use chrome in Incognito mode to get passed the issue. I’m sure it’s something on the chrome plug in side of things, hope there is some kind of work around or that someone is able to reproduce the issue.
5 Likes
Try disabling the other plugins and see which one it is. It’s pretty clear that the problem is the plugin,so that’s what to fix.
1 Like
The list of active browser extensions will help out a lot in narrowing down this issue.
5 Likes
Stored through Chrome; issue still occurred with any and all extensions disabled.
I don’t run any password extension plugins on Chrome.
But no, I can’t repro it on meta
Can you repro it on try.discourse.org? Is the version of Discourse you are testing against old or out of date? Are there unusual Discourse plugins installed? Does it repro in Chrome safe mode?
Tried, but couldn’t
It’s one major version behind, 2.2.3. Issue popped up after recent upgrade from 2.1
Yes, many, including custom ones for us. Don’t think any would interfere with the login screen, other than styling, apart from the Google/Linkedin/OAuth ones.
As far as I can tell, Chrome uses Incognito mode as their “safe mode”, this didn’t allow me to repro initially since it doesn’t pre-fill the password.
For me the issue is settled enough. It’s really really hard to repro (can’t even seem to repro it on our instance anymore) and the repro-path that I did have will not likely be encountered by my users (since you’d need to attempt to sign up while already having a saved account). We’ve solved it with an extended warning.
3 Likes
Oh that’s weird. Outside the rogue browser plugins, which I know can cause this, I’m not sure.
2 Likes
Just chiming in that my users are also encountering this issue… Not really awesome on a brand new forum launch. In a panic now trying to figure out a solution, or if we just migrate the 1k~ users accounts.
- Discourse installed via Droplet via DigitalOcean.
- CloudFlare and cloudflare.template.yml
- I can signup multiple times with Chrome no problem.
- User reports can signup at try.discourse.org no problem
- Users extensions (Gets error): https://cdn.discordapp.com/attachments/257972166413254656/601166506063167643/unknown.png
- My extensions (No error): https://cdn.discordapp.com/attachments/257972166413254656/601166669368262679/unknown.png
- Discourse version: v2.4.0.beta2 +33
Discourse with errors: https://boards.neocron.org
Anything else that I can provide?
1 Like
Does it work in browser safe mode? If so, then it’s 100% a broken browser plugin.
If your Discourse site is using third party extensions, it’s possibly that as well, especially if the user can sign up at try.discourse.org no problem.
3 Likes
If the users extensions gives an error the problem is the user’s extensions. It’s the user’s fault.
2 Likes
There is an exception here, if they can’t repro on try.discourse.org but they can repro on their own site, it could be a plugin or config issue with their Discourse.
3 Likes
We did a webinar to show people how to use our community https://community.debtcollective.org and they reported this issue. This is the first time we got this error and I want to know what could be the cause to fix it.
If it’s a user extension, then we need to find a workaround because not everyone will be reporting this issue to us and we won’t know when users get this error either.
I saw this from @sam
So the issue is someone (user/script/extension) is adding text to new-account-challenge field?
2 Likes
Possibly, see if you can find a repro, then you could report the broken behavior back to the plugin authors.
1 Like
There is no error from an extension. The error comes from Discourse telling us it doesn’t know if the account was created. The two users encountering the error have totally different extension setups. In fact, none overlap… To call it an extension error when no extensions overlap is silly. The only common ground they have is Chrome. We have ruled out location also, as one is in the US, another is in Germany. They both have straight through connections to the internet, no VPN.
We have an issue rolling about this here → https://github.com/NCC-Lykos/neocron-classic/issues/363
Our current workaround is telling people to use a different browser or a private tab.
One member did raise a question though, why cookies during registration? Just curious.
@eatcodetravel do you mind sharing the plugins you are using on your Discourse? Maybe we can find something in common?
- git clone https://github.com/discourse/discourse-voting.git
- git clone https://github.com/discourse/discourse-solved.git
- git clone https://github.com/discourse/discourse-chat-integration.git
- git clone https://github.com/gdpelican/retort.git
- git clone https://github.com/singerscreations/discourse-stopforumspam.git
- git clone https://github.com/discourse/discourse-policy.git
- git clone https://github.com/Ebsy/discourse-nationalflags.git
- git clone https://github.com/discourse/discourse-math.git
- git clone https://github.com/discourse/discourse-spoiler-alert.git
- git clone https://github.com/discourse/discourse-akismet.git
- git clone https://github.com/discourse/discourse-canned-replies.git
- git clone https://github.com/discourse/discourse-signatures
- git clone https://github.com/sudaraka94/preventing-malicious-linking-plugin.git
- git clone https://github.com/jannolii/discourse-topic-trade-buttons.git
- git clone https://github.com/featheredtoast/discourse-pwned-passwords.git
- git clone https://github.com/angusmcleod/discourse-events.git
- git clone https://github.com/discourse/Discourse-Tiles-image-gallery.git
The malicious links plugin is currently disabled pending setup.
We don’t have many plugins installed, and most of these are extensions made by us.
This assumes that all extensions behave in a unique fashion and share no common code of approaches, which is very silly.
The message mentions cookies, but it has occurred on machines where cookies are enabled because the contents of a hidden <input> are being tampered with.
1 Like
For a new modern forum software to be so sensitive to a plugin that it causes issues that nobody can catch is extremely silly. We had no such issues with vBulletin, PHPBB and others. We switched to Discourse to simplify our entire setup.
One of our users with the error has tracked this down…
boards.neocron.org/:1 Refused to load the script 'https://boards.neocron.org/cdn-cgi/apps/head/QNWX_8GN-3K7wUr6Qa73LdoD3JI.js' because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'report-sample' https://boards.neocron.org/logs/ https://boards.neocron.org/sidekiq/ https://boards.neocron.org/mini-profiler-resources/ https://boards.neocron.org/assets/ https://boards.neocron.org/brotli_asset/ https://boards.neocron.org/extra-locales/ https://boards.neocron.org/highlight-js/ https://boards.neocron.org/javascripts/ https://boards.neocron.org/plugins/ https://boards.neocron.org/theme-javascripts/ https://boards.neocron.org/svg-sprite/ https://www.google-analytics.com/analytics.js". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
account-created:1 Refused to load the script 'https://boards.neocron.org/cdn-cgi/apps/head/QNWX_8GN-3K7wUr6Qa73LdoD3JI.js' because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'report-sample' https://boards.neocron.org/logs/ https://boards.neocron.org/sidekiq/ https://boards.neocron.org/mini-profiler-resources/ https://boards.neocron.org/assets/ https://boards.neocron.org/brotli_asset/ https://boards.neocron.org/extra-locales/ https://boards.neocron.org/highlight-js/ https://boards.neocron.org/javascripts/ https://boards.neocron.org/plugins/ https://boards.neocron.org/theme-javascripts/ https://boards.neocron.org/svg-sprite/ https://www.google-analytics.com/analytics.js". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
https://github.com/NCC-Lykos/neocron-classic/issues/363#issuecomment-513189051
Looks to be a CORS problem possibly, I’m going to look into that deeper but wanted to ask if @eatcodetravel had any CORS settings or issues also?
3 Likes
Can you provide more information on this? Which inputs are the ones that trigger this issue?