We cannot detect if your account was created, please ensure you have cookies enabled

This is great info. I haven’t seen CORS issue specifically, but I’ll dig more on this. If I find anything I’ll post it here.

After seeing the scripts, it looks like it is related to Cloudflare. Are you using Cloudflare? https://boards.neocron.org/cdn-cgi/apps/head/QNWX_8GN-3K7wUr6Qa73LdoD3JI.js. We are not using that, so we probably haven’t seen this specific issue.

Thanks!

2 Likes

Digging into it, we had Settings->Security->content security policy enabled.

Once we disabled that, users were able to register. We tried adding the URLs found in that report above to the whitelisted script sources but it would not solve the issue.

Chrome apparently has beefed up their CSP. -> Content Security Policy (CSP) - Google Chrome

2 Likes

Mmm, I’m afraid we have that disabled; it should be another thing for us causing this issue.

Apologies :frowning:

We have DISCOURSE_ENABLE_CORS set to true, and we have our CORS origins set to the following… [image]

Don’t know if any of that could help you or might be different than your setup?

1 Like

We have the CORS flag enabled too, but not sure if this is related.

1 Like

This is a CSP problem, not CORS.

Is this a subfolder setup?

EDIT: having come back around and looked at this again, I see what’s going on.

I can confirm this was injected by CF.

We STRONGLY recommend against disabling CSP on a production site. Instead, turn off Cloudflare if possible (we have had MANY, MANY support cases about CF negatively affecting Discourse’s JS) or at least disable all Cloudflare optimizations.

6 Likes

This opens massive security holes on your site. We STRONGLY RECOMMEND that you DO NOT do that. It’s very bad advice.

2 Likes

Hey @supermathie,

We don’t use Cloudflare and we are seeing this issue now with 2 users. The workaround we are giving them is to use incognito or another browser but maybe there are more users that are not reporting this issue to us.

Our community is mostly non-tech people, so I don’t think they have weird browser setups.

Can you provide more info on what’s triggering this issue? Maybe I can go from there to find a solution.

Thanks!

1 Like

I wish we knew exactly.

There’s a hidden input field on the “Account Creation” screen that is checked for integrity at account creation time.

If this field is tampered with, the account creation fails.

Can you please ask your users to disable their plugins one-by-one until they locate the culprit?

We also have a ticket open with the Chrome project to investigate this behaviour.

Let me remind you of this screenshot from a non-technical user’s computer:

You can’t assume anything :slight_smile:

8 Likes

Yeah, I mean it is not 2000 anymore; browser security and malware prevention are better now (I believe). Another user reported this today, I’ll try to get more info from them and hopefully find something.

Thanks!

1 Like

Fantastic. We really want to nail this down so let us know.

6 Likes

I’ve got a friend experiencing this problem too - I’m trying to bring him on as a moderator. When I sign up on an incognito window, it works fine, but he can’t even in an incognito window. So I’m confident it’s not a problem with my install (I’m using plugins with my Discourse, but only official ones) but with his browser somewhere.

I’m working with him to pin down the problem, but if it’s not a plugin problem, I’m wondering if there’s something with our Chrome versions - whether something’s going on under the browser hood I’m unaware of, but I can’t say for sure yet. Currently trying to get hold of his version number for comparison but he’s Californian and so if he’s sensible, he’s asleep :stuck_out_tongue:

1 Like

OK, not sensible, but he’s awake and informative. He updated from 75.0.3770.142 to 76.0.3808.87 (64 bit), which did not help on its own in the main window, but after clearing cache and cookies, he was able to sign up on an incognito window. He’s using an entirely vanilla Chrome set-up aside from Adblocker.

EDIT: I couldn’t tell you if clearing cache or cookies would work on 75.0.3770.142 without being able to repro it (I can’t), but I do find it interesting that it did at least seem to help my friend.

1 Like

Hello, I just set up a fresh instance today at community.boid.com and came across this error message after trying to register a second account (both inside my normal Chrome window as well as incognito). I was able to resolve the issue by manually deleting the autofill passwords from my Google account and not using any of the auto-fill options on the signup form. I noticed that Chrome was suggesting many different authentication options for autofill from other unrelated websites. I haven’t seen this behavior on other sites so just wanted to mention my experience.

As far as I can tell, this does seem to be related to Google Chrome autofill.

4 Likes
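Added example, not part of the thread and not Discourse's own code: a Ruby sketch of one way a hidden signup field can be integrity-checked, as described earlier in the thread, and why a browser autofill or extension that writes into that field makes registration fail, as reported in the post above. The field names, the HMAC scheme and the reason codes are assumptions made for illustration.

```ruby
require "openssl"
require "securerandom"

# Hypothetical signup honeypot: the server renders a random value and an HMAC
# tag over it into hidden inputs and expects both back unchanged.
module SignupHoneypot
  SECRET = SecureRandom.bytes(32) # constructed per-process key for the example

  def self.tag(value)
    OpenSSL::HMAC.hexdigest("SHA256", SECRET, value)
  end

  # Values placed in the hidden fields when the form is rendered.
  def self.issue
    value = SecureRandom.hex(16)
    { "honeypot_value" => value, "honeypot_tag" => tag(value) }
  end

  # Length check plus XOR accumulation, so the comparison does not exit early.
  def self.secure_eq?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # Returns :ok, or a reason code worth logging next to the user agent.
  def self.verify(params)
    value = params["honeypot_value"].to_s
    sent  = params["honeypot_tag"].to_s
    return :missing if value.empty? || sent.empty?
    secure_eq?(sent, tag(value)) ? :ok : :tampered
  end
end

# Constructed submissions: what three different clients send back.
def simulate
  form = SignupHoneypot.issue
  autofilled = form.merge("honeypot_value" => "saved-login-from-another-site")
  stripped   = form.reject { |key, _| key == "honeypot_value" }
  {
    clean:      SignupHoneypot.verify(form),       # fields echoed untouched
    autofilled: SignupHoneypot.verify(autofilled), # autofill overwrote the value
    stripped:   SignupHoneypot.verify(stripped)    # an extension removed the input
  }
end

p simulate if __FILE__ == $PROGRAM_NAME
```

Logging the reason code with the browser version separates a field that was overwritten from one that never arrived, which narrows down which client-side software to look at.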

Welcome to the community, @John_Heeter.