XF 2.2 GSC and cookies consent URL

Nicolas FR

Well-known member
Hello, since January 21st I have been receiving a lot of URL errors in GSC, 3.6K of this kind of URL:
https://xenforo.fr/misc/cookies?update=1&reject=1&t=1674994290,d71df2eb1236ef187440fa26d77167eb
https://xenforo.fr/misc/cookies?update=1&accept=1&t=1675076268,279b19e95b315beba530f32200313e8f

@digitalpoint do you think it could be linked to the Cloudflare add-on?
@mazzly or your AMP add-on?

Thanks guys.
 
My guess is that it stems from the fact that XenForo is using CSRF tokens in GET requests and those tokens become invalid before too long. Which means those URLs will throw an error if accessed later (a search engine spider doesn’t instantly spider all links right when it sees them).

IMO, XenForo should change the places where it uses CSRF tokens in GET requests to POST requests (for this and other reasons).
 
Thanks,
So the initial "problem" would come from XF but would be revealed by your Cloudflare add-on, did I understand correctly?

These errors in the GSC are not very disturbing, and I also asked for the deletion of URLs starting with https://xenforo.fr/misc/cookies?update. I'm just trying to understand.
 
No, doesn’t have anything to do with Cloudflare add-on. XenForo has a few URLs with expiring CSRF tokens embedded in the URL in a few places (for example the advanced cookie consent pop up). It does that in a vanilla installation. It’s not the “right” way to do it, but it does it that way for some reason.
 
Ok, understood. What surprises me is that these errors only appeared in the GSC from January 21, while I installed 2.2.12 and the advanced cookie consent on December 8. Perhaps it is Google's indexing lag.
 
As an example, you can look at Google's last spidering of the XenForo community page here:


If you get the URL on that page that is used to accept cookies, you get an error if you use it:


...basically the same thing that happens to Google.

You could of course block those URLs with robots.txt since they serve no purpose as far as spidering content, but the "right" thing to do would be for XenForo to switch its usage of CSRF tokens to be POST requests.
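Added example, not part of the thread and not XenForo's code: a minimal sketch of a timestamped CSRF token in the `t=<timestamp>,<hash>` shape seen in the URLs above, showing why a link that works when the page is rendered fails once a crawler replays it later. The secret, the HMAC-SHA256 construction and the 24-hour lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlparse

SECRET = b"constructed-demo-secret"  # assumption: server-side secret
LIFETIME = 86400                     # assumption: token valid for 24 hours
SAMPLE_TS = 1675076268               # timestamp from the second URL in the thread


def make_token(ts, secret=SECRET):
    """Build a 'timestamp,mac' token like the t= parameter in the thread."""
    mac = hmac.new(secret, str(ts).encode(), hashlib.sha256).hexdigest()
    return f"{ts},{mac}"


def token_from_url(url):
    """Extract the t= query parameter from a cookie-consent style URL."""
    values = parse_qs(urlparse(url).query).get("t", [])
    return values[0] if values else None


def check_token(token, now, secret=SECRET, lifetime=LIFETIME):
    """Return 'ok', 'expired', 'bad_mac' or 'malformed'."""
    ts_str, sep, mac = token.partition(",")
    if not sep or not (ts_str.isascii() and ts_str.isdigit()):
        return "malformed"
    expected = make_token(int(ts_str), secret).split(",")[1]
    # Constant-time comparison; bytes avoid errors on non-ASCII input.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return "bad_mac"
    if now - int(ts_str) > lifetime:
        return "expired"
    return "ok"


if __name__ == "__main__":
    # Constructed URL on a placeholder host, rendered into a page at SAMPLE_TS.
    url = ("https://forum.example/misc/cookies?update=1&accept=1&t="
           + make_token(SAMPLE_TS))
    tok = token_from_url(url)
    print("visitor, 1 minute later:", check_token(tok, SAMPLE_TS + 60))
    print("crawler, 3 days later:  ", check_token(tok, SAMPLE_TS + 3 * 86400))
```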
 