feat: Implement a honeypot field on our main search #14297
base: main
5c9a77e
to
239d94d
Compare
@samhotep I am not sure the failing playwright tests are related to this PR (even though they are on a 'search' field), as they are failing on my other ubuntu.com PRs also.
@petesfrench LGTM!
const honeyPotField = searchForm.querySelector("input[name='search']"); | ||
// If the honeypot field has a value, it might be a bot, so redirect | ||
if (honeyPotField && honeyPotField.value !== "") { | ||
console.log("Honeypot field has a value, redirecting to search page"); |
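Review bot: the `honeyPotField.value !== ""` test on the `if` line only runs in a browser that executes this script, so a client that builds the search URL itself never reaches it; treat this as a first filter and consider a matching check on the `search` parameter where the request is handled. Since the trap input is named `search`, also confirm that browser autofill and assistive technology cannot populate it for real users, otherwise genuine searches will be redirected.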
You might want to remove this console log, to give the bot's maintainer no hints :)
I was wondering about this. Maybe all the code should be obscured in some way
Can we minify the JS?
@samhotep So I originally wanted to do this from within the search module, but as they work off the request there was no way to strip the second search field from the URL and it was looking very ugly. An alternative may be some 3rd party middleware. But we can look into that depending on how this goes.
Sounds good to me, it's definitely out of scope for this PR.
Done
This work aims to add a basic honeypot field to our search to catch automated attacks
QA
The following QA steps should be completed for the navigation search and the search found under /search
q=
We should make sure this doesn't interfere with any other searches
Issue / Card
Fixes https://warthogs.atlassian.net/browse/WD-14707
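
An added example, not code from this PR or from the project: one way a request handler could evaluate the honeypot and strip the second search field from the URL, the problem raised in the discussion above. It assumes `search` is the honeypot parameter and `q` the real query, as on this page; the function names, action labels and placeholder base URL are hypothetical.

```javascript
// Added example. `search` (honeypot) and `q` (real query) come from the PR;
// every other name here is hypothetical.
const HONEYPOT_PARAM = "search";
const QUERY_PARAM = "q";

// Parse a request URL, report whether the honeypot was filled, and build the
// same URL with the honeypot parameter removed.
function inspectSearchUrl(rawUrl) {
  // The base is a placeholder so relative paths parse; it is never returned.
  const url = new URL(rawUrl, "https://placeholder.invalid");
  const present = url.searchParams.has(HONEYPOT_PARAM);
  // getAll() also sees repeated parameters such as ?search=&search=x
  const tripped = url.searchParams
    .getAll(HONEYPOT_PARAM)
    .some((value) => value !== "");
  // Deleting from searchParams updates url.search as well.
  url.searchParams.delete(HONEYPOT_PARAM);
  return {
    present,
    tripped,
    query: url.searchParams.get(QUERY_PARAM) || "",
    cleanPath: url.pathname + url.search,
  };
}

// Map the inspection result to what the handler should do next.
function decide(rawUrl) {
  const result = inspectSearchUrl(rawUrl);
  if (result.tripped) {
    // Filled honeypot: handle as suspected automation, with no client-visible hint.
    return { action: "flag", location: null };
  }
  if (result.present) {
    // Empty honeypot from a normal form submit: redirect to the tidy URL.
    return { action: "redirect-clean", location: result.cleanPath };
  }
  return { action: "serve", location: null };
}
```
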