search

isso-comments / isso

a Disqus alternative
https://isso-comments.de
MIT License
5.03k stars 440 forks source link

Can't reply to comments which are still in grace period due to flawed client recognition #196

Closed NickHu closed 9 years ago

NickHu commented 9 years ago

When trying to reply to comments which are in the grace period, isso issues a 403 Forbidden rather than allowing the comment to post.

Response body:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>403 Forbidden</title>
<h1>Forbidden</h1>
<p>edit time frame is still open</p>

Reproducibility:

  1. Post a comment on demo site
  2. From another machine (clearing cookies may work - have not tried), try to reply to that comment

The main issue is that there is no feedback to the user if they do not have the javascript console open, so either the reply should just post (preferable solution), or being able to reply to comments in grace period should be disabled in the UI.

NickHu commented 9 years ago

Addendum: I'm testing this with a colleague who is on the same network as myself, and presumably we are behind a NAT; therefore I believe the issue to be such that the isso server recognises us as the same client.

NickHu commented 9 years ago

Seems to be an intended feature of netmasking 255.255.255.0 of the isso.utils.anonymize(remote_addr) function.