feat: Implement a honeypot field on our main search #14297
Conversation
Demo
Jenkins 
demos.haus 
petesfrench
force-pushed
the
wd-14707
branch
2 times, most recently
from
5c9a77e
to
239d94d
Compare
|
@samhotep I am not sure the failing playwright tests are related to this PR (even though they are on a 'search' field). As they are failing on my other ubuntu.com PRs also |
|
@petesfrench LGTM! |
| const honeyPotField = searchForm.querySelector("input[name='search']"); | ||
| // If the honeypot field has a value, it might be a bot, so redirect | ||
| if (honeyPotField && honeyPotField.value !== "") { | ||
| console.log("Honeypot field has a value, redirecting to search page"); |
There was a problem hiding this comment.
You might want to remove this console log, to give the bot's maintainer no hints :)
There was a problem hiding this comment.
I was wondering about this. Maybe all the code should be obscured in some way
samhotep
added
Review: QA +1
Review: Code +1 (with changes)
and removed
Review: QA needed
Review: Code needed
labels
|
@samhotep So I originally wanted to do this from within the search module, but as they works of request there was no way to strip the second search field from the url and it was looking very ugly. An alternative may be some 3rd party middleware. But we can look into that depending on how this goes. |
Sounds good to me, its definitely out of scope for this PR |
Done
This work aims to add a basic honeypot field to our search to catch automated attacks
QA
The follow QA steps should be complete for the navigation search & the search found under /search
q=We should make sure this doesn't interfere with any other searches
Issue / Card
Fixes https://warthogs.atlassian.net/browse/WD-14707