Not a bug View Boosting Method

So I've looked into bugs for XenForo a bit and found a nice big one that needs to be fixed.

So basically you can link broken images in a signature that will point to a thread and every time your signature is viewed (even from other threads) it will boost it up a view or however many images they linked in the signature.

I found a way to link multiple in one signature and make the browser load them all and not assume they're all the same asset, all you have do is add ?a=1 and increment it on each one.

If you want to see it in action you can go here and find "Visual Studio" at the bottom of the page and inspect my signature, it should load this four times.

Web Debugger Captures:
This is Fiddler 4 with Google Chrome done by me.
7pegc4z8


This is FireFox's thanks to @Z61
HgxdBVP.png
 
Last edited:
The view count essentially just reflects the number of times the URL was loaded. As such, the view count going up like that is expected. You could just sit there and refresh the page to get the same effect. On the whole, this isn't something we'd consider a bug.

Of course, if you use the image proxy the whole idea is blocked.
 
The view count essentially just reflects the number of times the URL was loaded. As such, the view count going up like that is expected. You could just sit there and refresh the page to get the same effect. On the whole, this isn't something we'd consider a bug.

Of course, if you use the image proxy the whole idea is blocked.
Why is an img tag loading the entire page source that you link it to when the Content-Type of the response doesn't match the Accept?
 
Strictly speaking, it does match: you'll see browsers give a */* as an acceptable type (albeit at a lower priority). It wasn't until recently that Chrome even gave an indication if it preferred an image response (it's a WontFix but it does appear to have been changed: https://bugs.chromium.org/p/chromium/issues/detail?id=63173).

You're not proposing something entirely unreasonable, but it's not something we attempt to do anywhere (and the change has to be page specific as some requests do render images) and because of the inconsistency of accept headers, there's a risk of breaking thread viewing full stop for certain requests. Meanwhile, you can trigger thread view increases in many other ways.
 
Top Bottom