XF 2.2 GSC and cookies consent URL

O

Old Nick

Well-known member
Hello, since the January 21th i receive a lot of URL errors in GSC, 3.6K of this kind of URL:
https://xenforo.fr/misc/cookies?update=1&reject=1&t=1674994290,d71df2eb1236ef187440fa26d77167eb
https://xenforo.fr/misc/cookies?update=1&accept=1&t=1675076268,279b19e95b315beba530f32200313e8f

@digitalpoint can you think it could be linked to the Cloudflare add-on ?
@mazzly or your AMP add-on ?

Thanks guys.
 
Sort by date Sort by votes
My guess is that it stems from the fact that XenForo is using CSRF tokens in GET requests and those tokens become invalid before too long. Which means those URLs will throw an error if accessed later (a search engine spider doesn’t instantly spider all links right when it sees them).

IMO, XenForo should change the places where it uses CSRF tokens in GET requests to POST requests (for this and other reasons).
 
Upvote 0 Downvote
Thanks,
So the initial "problem" would come from XF but would be revealed by your Cloudflare add-on, did I understand correctly?

It's not very disturbing these errors in the GSC, I also asked for the deletion of URLs starting with https://xenforo.fr/misc/cookies?update. I'm just trying to understand.
 
Upvote 0 Downvote
No, doesn’t have anything to do with Cloudflare add-on. XenForo has a few URLs with expiring CSRF tokens embedded in the URL in a few places (for example the advanced cookie consent pop up). It does that in a vanilla installation. It’s not the “right” way to do it, but it does it that way for some reason.
 
Upvote 0 Downvote
Ok, understood. What surprises me is that these errors only appeared in the GSC from January 21, while I installed 2.2.12 and the advanced cookie consent from December 8. Perhaps Google's indexing lag.
 
Upvote 0 Downvote
As an example, you can look at Google's last spidering of the XenForo community page here:

webcache.googleusercontent.com

XenForo community

Forum software by XenForo
webcache.googleusercontent.com webcache.googleusercontent.com

If you get the URL on that page that is used to accept cookies, you get an error if you use it:


...basically the same thing that happens to Google.

You could of course block those URLs with robots.txt since they serve no purpose as far as spidering content, but the "right" thing to do would be for XenForo to switch it's usage of CSRF tokens to be POST requests.
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

Rhodium
Confirmed Preview editor and cookies
Replies
0
Views
39
Rhodium
Rhodium
M
  • Solved
XF 2.3 Cookies giving me 286K google search console warnings
Replies
6
Views
49
MickkD
M
Mr Lucky
  • Question Question
XF 2.2 Cook consent is disabled but member can't login due to "oops cookies are required"
Replies
5
Views
306
Doug0928
Doug0928
M
  • Suggestion Suggestion
Do not hide URL and force user to accept third party cookies
Replies
3
Views
83
MaximilianKohler
M
BlueGreen91
  • Question Question
XF 2.2 Cookie consent popup and footer ads
Replies
0
Views
169
BlueGreen91
BlueGreen91
Back
Top Bottom