[openstreetmap/openstreetmap-website] Add links to the ToU and include them in signup (#2028)
Simon Poole
notifications at github.com
Wed Jan 30 12:46:08 UTC 2019
>
>
> In addition to the inline comments, don't we need something on the server side to check that they actually agreed?
>
> It looks to me like currently it relies on the submit button being disabled until javascript enables it when the checkbox is ticked but that leaves it open to somebody to hack a post of the form with `read_tou` unset and then claim they have never agreed...
I now protect against this, not really sure if "users_controler.save" is the best place, and redirect back to the terms page. Further I've added a test that tests for the redirct if the check box parameter is missing/not checked (not that I actually understand how it works :-)).
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/2028#issuecomment-458931076
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20190130/5e45d436/attachment-0001.html>
More information about the rails-dev
mailing list