backdrop-ops / forum.backdropcms.org

The Forum for BackdropCMS.org.
https://forum.backdropcms.org/

Enforced/escalating delays when putting a link in a forum post #123

Closed bugfolder closed 3 years ago

bugfolder commented 3 years ago

When I've tried to create a reply to a forum post and included one or more links to modules that might help the requestor, I've run into this problem when using the link popup:

But if I have multiple links, it escalates: N = 7 for the first link, 13 for the second, 26 for the third. (And presumably, it keeps going.) And if in my counting off seconds I'm a bit too quick, then the popup rejects it again, with N := 2*N.

This is really annoying. I imagine the behavior is unintended (because we don't want to discourage real people from posting helpful replies to forum queries), but it looks like there's some sort of anti-bot/anti-spam detection that is throwing false positives.

System: Mac OS X Catalina
Browser: Safari 14.0.3

ghost commented 3 years ago

@bugfolder The Forum does have Honeypot enabled with a setting of 7 sec. It'll reject form submissions that happen in less time than that (presumably because they're bots, because no human can submit a form in less than 7 sec...). I personally think this limit needs to be lowered and a better way to prevent spam found (I've written Behat tests that include a wait function for the purpose of getting around this type of spam protection).

But I'm interested to know what you mean by 'multiple links'... Do you mean multiple links in the same form? And/or in the same field? I assume Honeypot's 7 sec limit applies to the form as a whole, and that the individual number of links wouldn't matter. But it sounds like Honeypot's being added to the link dialog as a separate form with its own timeout...? Can you confirm this @bugfolder, or post a screencast showing this in action?

bugfolder commented 3 years ago

What I was doing was creating a forum post that included multiple links, something like this:

Information about X topic can be found here and here and here

where each boldface word was a separate hyperlink. The problem is not happening in the overall forum submission; it's happening in the "insert link" dialog, like this:

[Screenshot: From Clipboard]

Here you can see that for the second link, it escalated the delay.

I'd say that for this dialog, 7 seconds is too long to force users to wait. To create the link, one would typically:

  1. Copy the URL of the destination;
  2. Click the "create link icon" in the text editor;
  3. Paste in the URL;
  4. Click "save".

That takes 1–2 seconds under normal circumstances.

And if the form is going to enforce a wait time, then that should be displayed in the form, something like "Please wait 7 seconds before submitting this form." That's a lot less unfriendly than a big red "You submitted this too soon! Wait and try again." (I'm paraphrasing.)

ghost commented 3 years ago

Thanks @bugfolder. I notice that Honeypot is set to protect all forms, so maybe that's why it protects the link dialogue form separately... I've just turned off that feature and told it which forms to protect individually. Can you try again and see if that works better now?

bugfolder commented 3 years ago

Yes, much nicer! Thanks!

ghost commented 3 years ago

The change I made still needs to be exported and committed to code, but that should happen during the next config sync. I think this issue can be closed now.
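The behaviour discussed in this thread, as an added example that is not part of the original thread and is not Honeypot's own code: a simplified model of a minimum-submit-time gate, showing why "protect all forms" also gates the link dialog while an explicit form list does not. The form IDs `link_dialog` and `forum_reply`, the `TimeGate` class, and the doubling rule (taken from the report's "N := 2*N" observation) are assumptions for illustration.

```python
import time

BASE_LIMIT = 7  # seconds; the forum's setting quoted in the thread


class TimeGate:
    """Simplified model of a minimum-submit-time check (not Honeypot's code)."""

    def __init__(self, protect_all, protected_forms=(), clock=time.monotonic):
        self.protect_all = protect_all
        self.protected = set(protected_forms)  # hypothetical form IDs
        self.clock = clock
        self.limit = {}      # (user, form_id) -> current limit in seconds
        self.rendered = {}   # (user, form_id) -> time the form was served

    def is_protected(self, form_id):
        return self.protect_all or form_id in self.protected

    def render(self, user, form_id):
        """Record when the form was served; return the wait to show the user."""
        if not self.is_protected(form_id):
            return 0
        key = (user, form_id)
        self.rendered[key] = self.clock()
        return self.limit.setdefault(key, BASE_LIMIT)

    def submit(self, user, form_id):
        """Return (accepted, seconds_required)."""
        if not self.is_protected(form_id):
            return True, 0
        key = (user, form_id)
        required = self.limit.get(key, BASE_LIMIT)
        started = self.rendered.get(key)
        # Fail closed: a submission with no recorded render is treated as too fast.
        if started is None or self.clock() - started < required:
            # Assumption from the report: each rejection doubles the limit.
            self.limit[key] = required * 2
            self.rendered[key] = self.clock()
            return False, self.limit[key]
        return True, required
```

The value returned by `render()` is what a form could display up front ("Please wait 7 seconds..."), as suggested in the thread, instead of only reporting the limit after a rejection.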