jetpack
Opened 12 years ago
Closed 12 years ago
#1859 closed defect (fixed)
Contact form: remove front-end nonces
| Reported by: | | Owned by: | |
|---|---|---|---|
| Priority: | normal | Severity: | normal |
| Plugin: | jetpack | Keywords: | grunion contact-form plugin-compat has-patch |
| Cc: | jeremy+wp@…, richard@… | | |
Description
Nonces on the front-end don't serve any security purpose, and can cause errors when they're cached and then expire.
I'm getting reports of sporadic "Are you sure..." wp_die()-style error messages when users fill out contact forms on WordCamp.org and suspect they're being caused by expired front-end nonces in the contact form.
The process looks similar to this:
- Page with form is created
- Page is viewed for the first time
- Nonce is generated
- Page is cached
- Time passes and the nonce expires
- Cached version of page is viewed again
- Form is submitted with expired nonce
- User gets "Are you sure..." error and form is not submitted
Removing the nonce fixes the problem without causing any security issues, since the nonce wasn't giving any real protection in the first place.
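The caching sequence above, modelled as an added example (not Jetpack's or WordPress's own code): a simplified version of the WordPress nonce tick scheme, in which a nonce is accepted only for the half-lifetime tick it was minted in and the one after it, so a form served from cache past that window fails verification exactly as the ticket describes. The secret key, the timestamps and the `cached_form_submission` helper are constructed for the illustration.

```python
import hashlib
import hmac
import math

# Constructed values: a real site derives the key from wp-config.php salts.
SECRET_KEY = b"constructed-secret-key"
NONCE_LIFE = 24 * 60 * 60  # WordPress default nonce lifetime (DAY_IN_SECONDS)


def nonce_tick(now: int) -> int:
    # WordPress divides time into half-lifetime ticks; a nonce is valid for
    # the tick it was created in and the following tick (12 to 24 hours).
    return math.ceil(now / (NONCE_LIFE / 2))


def _hash(tick: int, action: str, user_id: int) -> str:
    msg = f"{tick}|{action}|{user_id}".encode()
    # wp_hash() is an HMAC-MD5; WordPress keeps 10 characters of the hex digest.
    return hmac.new(SECRET_KEY, msg, hashlib.md5).hexdigest()[-12:-2]


def create_nonce(action: str, user_id: int, now: int) -> str:
    return _hash(nonce_tick(now), action, user_id)


def verify_nonce(nonce: str, action: str, user_id: int, now: int) -> int:
    # Mirrors wp_verify_nonce(): 1 = current tick, 2 = previous tick,
    # 0 = expired or invalid (what triggers the "Are you sure..." wp_die()).
    tick = nonce_tick(now)
    for age, t in ((1, tick), (2, tick - 1)):
        if hmac.compare_digest(_hash(t, action, user_id), nonce):
            return age
    return 0


def cached_form_submission(render_time: int, submit_time: int,
                           user_id: int = 0, action: str = "contact-form") -> int:
    """Model the ticket's scenario: the nonce is baked into the page when it is
    first rendered, the page is served from cache unchanged, and the form is
    submitted later. Returns the wp_verify_nonce()-style result."""
    cached_nonce = create_nonce(action, user_id, render_time)  # frozen in cache
    return verify_nonce(cached_nonce, action, user_id, submit_time)
```

A page rendered and cached more than 24 hours before the visitor submits the form returns 0 here, which is the expired-nonce rejection the reporter is seeing; a logged-out visitor (user_id 0) gains no CSRF protection from it because any visitor can obtain the same cached nonce.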
Attachments (2)
Change History (8)
#2
@
12 years ago
- Cc jeremy+wp@… added
- Keywords grunion contact-form plugin-compat added
- Summary changed from Remove front-end nonces from contact form module to Contact form: remove front-end nonces
#4
@
12 years ago
There should still be a nonce for logged in users.
Without a nonce, a malicious party can trick someone into submitting the form. That's not great for logged out users, but it's bad for logged in users, since the plugin claims the message was sent by a "verified account" if a logged in user submitted the form.
1859.diff removes the nonce in the form itself, but not the nonce used after the form is submitted and the user is redirected to view the results. Removing that one would require setting up some new kind of auth mechanism, and I don't think the redirect page is as susceptible to the caching problem as the form itself.