Gateway is not always displayed

toplistenportal

toplistenportal

Member
Good evening.

For some users, the gateway page does not work after clicking on their page and on the vote button. The click leads directly to the main page.
The vote message whether successful or not does not appear either.
For other users, however, it is correct, as the gateway page is displayed and also the vote message whether the vote was valid.

Where is the mistake ?
I rule out a mistake in the settings, because most of them work correctly.

Home
VS1.8
default Style

Greeting
Andreas
 
Mark

Mark

Administrator
Staff member
If the gatway is not showing, then the incoming vote is probably not considered valid. Are the sites linking from http or https? and is your list on http or https?
 
toplistenportal

toplistenportal

Member
That is different.
So my list is running https: //
The user pages partially with and without, no pattern can be seen.
It sometimes works on https and doesn't work on some sites.
If I switch off the gateway page, then on the pages where it is not otherwise displayed, it is displayed that the vote has been counted,
Very strange ^^
 
toplistenportal

toplistenportal

Member
Sorry, these are pages that are not completely secure.
They do display https, but if I look closely, I can read in the browser that the page is not fully secured.
I was relying on it if it shows https then it is safe ^^

So that means, just like before, only vote https pages using the button directly and http pages only if you click on Vote directly from my list?
 
Basti

Basti

Administrator
Staff member
To show the gateway, a referrer is needed on when using "friendly vote link"
It did send a referrer for user rank 1 german power, but something aint right

Could you look into your database please?
Table VL_sites, in there search for that username and let us know, what is inside the short_url column for that user?

Have the feeling that the system cant get the username based on referrer, hence not showing gateway
 
toplistenportal

toplistenportal

Member
Hello Basti.

I've attached a picture.

Another example would be Born to Vote, the user tried it and appended his user name and page ID to the button link. Then it goes as it should. But of course I can make it clear to someone what to do * g *

I marked German Power ;-)
 

Attachments

Basti

Basti

Administrator
Staff member
There is the mistake, his website has this referrer policy

Referrer Policy: strict-origin-when-cross-origin

developers.google.com

A new default Referrer-Policy for Chrome - strict-origin-when-cross-origin - Chrome Developers

A new default Referrer-Policy for Chrome - strict-origin-when-cross-origin
developers.google.com developers.google.com
Up until recently, no-referrer-when-downgrade has been a widespread default policy across browsers. But now many browsers are in some stage of moving to more privacy-enhancing defaults.

Chrome plans to switch its default policy from no-referrer-when-downgrade to strict-origin-when-cross-origin, starting in version 85.

This means that if no policy is set for your website, Chrome will use strict-origin-when-cross-origin by default. Note that you can still set a policy of your choice; this change will only have an effect on websites that have no policy set.
Click to expand...
What does this change mean?
strict-origin-when-cross-origin offers more privacy. With this policy, only the origin is sent in the Referer header of cross-origin requests.

This prevents leaks of private data that may be accessible from other parts of the full URL such as the path and query string.
Click to expand...
This means only the domain is sent as referrer, which ofcourse does not match up with what is stored in the db


For now a quick fix is to edit that user manually in db, set his short url to
http://.topsites24.de
Then try to vote

Take note of the dot, im not sure right now if this is mistake caused by that www6, but keep it for now. If it still not works, remove that dot also.



Ill have a talk with mark at these days, it looks like we need to change the short_url fuctions to only work with domain unlike now ( with folders also after domain ), cause these folders are not included in this new referrer policy



As for that born to vote, if you inspect your vote button on his website, you see he specified
Code: 
rel="noopener noreferrer"
This also means, that no referrer is passed. For his you have 2 options. Tell him to remove the "noreferrer" part, or he has to use the "unfriendly" vote link, thats the one found on your details page
 
toplistenportal

toplistenportal

Member
Hello Basti.

Thank you, that with the short url helped the users, who from bsp. http: //.topsites24.de come.
It works like this.
But it's still the same with normal pages, even if they also use https.
Editing all users in the database is difficult in the long run and at some point not even possible.

If I understand correctly, will there be a solution soon as an update or a plugin?

First of all, thank you, now I know why and I can try to explain that to the users, which is not easy ;-)

// Addendum.
I can't leave it like that with the short url.
Now everyone else will also be able to see that it is voting for German-Power.
I have to change that again.
 
Last edited:
Basti

Basti

Administrator
Staff member
ohhh there are more who use that domain? like topsites24/whatever ?

Now that is a problem, then it is impossible for these guys to detect the correct username if all they send as referrer is the domain. So they either have to change their prolicy entry, or use the "unfriendly" vote link. Only options
This can't be fixed for sites like that
 
toplistenportal

toplistenportal

Member
Yes, topsites24 is such a free way to create a toplist. There are hundreds of them and of course they all have the same beginning of the domain.
Well, then you just have to live with the problem.

Nevertheless many thanks.

For the next problem, I'll open a new topic ^^
 
You must log in or register to reply here.
Top