01d0b2b304
ref https://linear.app/tryghost/issue/KTLO-1/members-spam-signups - Some customers are seeing many spammy signups ("hundreds a day") — our hypothesis is that bots and/or email link checkers are able to signup by simply following the link in the email without even loading the page in a browser. - Currently new members signup by clicking a magic link in an email, which is a simple GET request. When the user (or a bot) clicks that link, Ghost creates the member and signs them in for the first time. - This change, behind an alpha flag, requires a new member to click the link in the email, which takes them to a new frontend route `/confirm_signup/`, then submit a form on the page which sends a POST request to the server. If JavaScript is enabled, the form will be submitted automatically so the only change to the user is an extra flash/redirect before being signed in and redirected to the homepage. - This change is behind the alpha flag `membersSpamPrevention` so we can test it out on a few customer's sites and see if it helps reduce the spam signups. With the flag off, the signup flow remains the same as before. |
||
|---|---|---|
| .. | ||
| e2e-api | ||
| e2e-browser | ||
| e2e-frontend | ||
| e2e-server | ||
| e2e-webhooks | ||
| integration | ||
| regression | ||
| unit | ||
| utils | ||
| .eslintignore | ||
| .eslintrc.js | ||