Registration/Activation failures - better information possible?

[SomeTroglodyte]

I won't publicly associate another mail with this github account, so this is anonymized a little bit.

• Registration page does not detect disabled cookies beforehand - it lets you run into 403 CSRF error. This could be tested with not too much effort?
• My mail Address of the form freesound.org@subdomain.mydomain.tld can be registered but not activated - no amount of resends will deliver a message. Validity of the address was tested from external account. Options: If this is an internal validation check - inform user. Otherwise - probably undesired / out of feasibility - extract and display log excerpt of your SMTP handler?
• Aside: freesound.somespamgourmetaccount@spamgourmet.com does work.
• Ever since g00gle finally raped the good old public-interest recaptcha project and dropped the specific recaptcha subdomain, FOSS and privacy friendly users will either avoid recaptcha-forcing sites entirely or let themselves be forced into some whitelist-mangling, as recaptcha only works with both scripting and iframes allowed for google.com - deplorable, but so far only an aside FYI for you. Actual option: wasn't it possible (I'm sure I've seen it elsewhere) to display a placeholder that will be replaced with the captcha if and only if the google spyware scripting is running?

This is meant as food for thought only, closing this unanswered at your discretion is perfectly OK.

[ffont]

Hi @SomeTroglodyte,

Thanks for your suggestions. We've been dropping google services from Freesound over the years. First google maps, more recently google analytics. We still use recaptcha, but have not checked any alternatives. Is there an alternative you would suggest?

Not sure about the issue with freesound.org@subdomain.mydomain.tld email address, to me it looks like it should work. Maybe @alastair has some idea coming to mind?

The 403 CSRF error in the login page is something that has been there forever and it would definitely be nice to fix.

[SomeTroglodyte]

Suggestions? Not a such with any positive prejudice... Besides recaptcha from literature ocr times until today I've seen hcaptcha and solvemedia in action - and that puzzle assembling thing - keycaptcha? I once did a clever one myself - project digits onto a flag waving in the wind as anim gif... None of those FOSS.

And helping by fixing that 403? I fear I would need too long to get back up to speed in this kind of development...

[ffont]

Thanks,

And helping by fixing that 403? I fear I would need too long to get back up to speed in this kind of development...

I didn't mean to suggest that, I meant that this is an issue we are aware off but have been putting aside and it might be good to look at it.

[SomeTroglodyte]

didn't mean to suggest

Heh, but subtly implying you might have - irrespective of your actual intentions - was fun.. Sorry. Thing is, I have a concept ready from my antique webmaster days but feel too - let's say too far out of the subject to tackle, otherwise - seriously - I might consider such help a worthwhile puzzle. The concept goes as follows:

• Everything happens before the user starts filling out the registration
• State 1: Markup displays "Sorry your browser blocks our scripts, we can't promise anything to work", no form/url params, no cookie
• Transition: Script juggles css display: to show "Testing cookies" or even the final form, whatever, sets "TestCookie=1" and TestInProgress=1 on the URL or in a form "var" and posts back to itself.
• State 2: TestInProgress comes back but TestCookie does not - display "Want cookies" message
• State 3: Both come back -> proceed with final form offer
• You can get away without the postback by relying on the form always being called through your other pages, never through a search engine...

Have fun and keep up the good community!