Rank: Advanced Member
Groups: HelpDesk, Developers
Joined: 11/9/2018(UTC)
Posts: 564
Thanks: 122 times
Was thanked: 26 time(s) in 25 post(s)
|
This sounds interesting. How does it work?
|
|
|
|
|
|
Rank: Advanced Member
Groups: Admin, Developers, Registered, HelpDesk, Authorized User
Joined: 10/5/2018(UTC)
Posts: 704
Thanks: 5 times
Was thanked: 113 time(s) in 112 post(s)
|
This was implemented to avoid invalid bots requests. We have included the check to restrict the POST requests without cookies.
POST requests without cookies will be given BadRequest response.
|
|
|
|
|
|
Rank: Advanced Member
Groups: HelpDesk, Developers
Joined: 11/9/2018(UTC)
Posts: 564
Thanks: 122 times
Was thanked: 26 time(s) in 25 post(s)
|
Sounds like that will reduce the error log spamming on AddToCart and other random endpoints?
|
|
|
|
|
|
Rank: Advanced Member
Groups: Admin, Developers, Registered, HelpDesk, Authorized User
Joined: 10/5/2018(UTC)
Posts: 704
Thanks: 5 times
Was thanked: 113 time(s) in 112 post(s)
|
|
 1 user thanked shaharyar for this useful post.
|
|
|
|
Rank: Member
Groups: Developers, Registered, HelpDesk
Joined: 11/7/2018(UTC)
Posts: 23
Thanks: 5 times
|
Unfortunately this didn't work for us. We deployed our 9.0.6 upgrade this morning and we're already seeing /product/addtocart errors in the log.
I wonder if there's some sort of detail I could capture and log about the request to help me identify the bot involved? Maybe then I could find a common attribute that helps me detect them better than just the cookie test. |
|
|
|
|
|
|
Rank: Advanced Member
Groups: HelpDesk, Developers
Joined: 11/9/2018(UTC)
Posts: 564
Thanks: 122 times
Was thanked: 26 time(s) in 25 post(s)
|
So I finally figured this out... Background: Our error log is flooded with /product/addtocart errors like this Quote:The parameters dictionary contains a null entry for parameter 'productId' of non-nullable type 'System.Int32' for method 'System.Web.Mvc.ActionResult AddToCart(Int32)' in 'AbleCommerce.Controllers.ProductController'. An optional parameter must be a reference type, a nullable type, or be declared as an optional parameter. At first this makes sense. In ProductController.cs, there is an endpoint AddToCart(int productId). So I naturally assumed the url causing the error would be /product/addtocart?productId= or simply /product/addtocart First Clue: However, this is happening with the Cart button in BuyProductDialog. And THAT button uses a form post, not a url parameter. So in the ProtectFromBots[] I was able to expose the actual action attributes with filterContext.ActionParameters. This gave me a surprise, because there was no specific 'productId'. It's a page model being passed, and ProductId is a property in THAT PAGE MODEL. So MVC picks it up and hands it to the Action method. Second Clue: Doing a breakpoint in ProtectFromBots[] showed me it's actually getting hit TWICE for a single add-to-cart click. That definitely shouldn't be the case. The first hit is generating the exception above, the second hit properly passes the model which contains the correct ProductId value. So that means the add-to-cart button is firing twice when clicked. I quickly compared the add-to-cart button on the buy-product-dialog to the add-to-cart button in the _AddToCart.cshtml and there is one KEY difference: an additional CSS class 'btn-add-to-cart' which is not present on the button in BuyProductDialog. And if you search for that CSS class, you find that /script/app.js hooks a click event to every button with that CSS class.... And that click event makes an AJAX call to /product/addtocart passing only ProductId. The site designer we hired thought that was just a CSS class, so they used it again on BuyProductDialog to style the button. She had no idea it was also being used as a way to flag certain HTML controls for additional javascript behaviors. So for 6 months I've been pecking at the problem where my add-to-cart was firing twice, and it all boiled down to the addition of one CSS class to one button on one page. You guys can't use CSS classes as a way to identify html controls that fire ajax calls without at least validating the necessary AJAX data payload actually exists. You have no idea how much time this has cost me.........
|
|
|
|
|
|
Rank: Advanced Member
Groups: HelpDesk, Developers
Joined: 11/9/2018(UTC)
Posts: 564
Thanks: 122 times
Was thanked: 26 time(s) in 25 post(s)
|
Simple solution: modify /scripts/app.js to test the productId value before making the ajax call Code:
//ADD TO CART AJAX LISTENER
$(function () {
$(document).on('click', ".btn-add-to-cart", function () {
// 5-3-2022 begin mod
// only make the ajax call if we have a product id
var prodId = $(this).data('productid');
if (prodId) {
$.ajax({
url: AppPath + "/Product/AddToCart",
type: "POST",
data: {
ProductId: $(this).data('productid'),
}
}).done(function (data) {
onAddedToCart(data);
}).fail(function (err) {
console.log(err);
});
}
// end mod
});
});
|
|
|
|
|
|
Forum Jump
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.
Important Information:
The AbleCommerce Forums uses cookies. By continuing to browse this site, you are agreeing to our use of cookies.
More Details
Close
