Page MenuHomePhabricator

publicpolicy@ listserv link on throws error "There was no hidden token in your submission or it was corrupted."; people cannot subscribe
Open, HighPublic



I'm putting this here, but please add tags/people as appropriate.

I've tried several times to sign up for the public policy list through the policy website — and I've never been taken to the confirmation email. But when I signed up for the public policy listserv through the Wikimedia listserv page, it worked!

@jrbs reports that "I can have a look in the source of the page; looks like it's trying to send something but not actually sending anything. It would probably be best to link directly to the mailman signup page. Right now it's trying to "POST" the information there which I'm not sure is something that mailman can even do."

I know the site was heavily promoted when the blog post about it went live, and I suspect there may have been a lot of people who tried to get updates, and weren't successful.

Right now it doesn't appear to be editable on Wordpress, though it might just be hiding somewhere unobvious.

Event Timeline

Framawiki added a subscriber: Framawiki.

I just tried, and I've an error too from the page

Publicpolicy Subscription results
Please take a few seconds to fill out the form before submitting it.
You must GET the form before submitting it.

I believe this is related to T116290.

The base code for Policy site is on Wordpress repo - so we will need to submit the file there rather than our repo.

I believe this feature is in the Wordpress skin. I'll get in touch with designers and find the code. @Varnent, would you be able to fix it?

@Slaporte - I have been looking around a bit and think I can. I would just need the ability to submit the file to the Wordpress server. I cannot remember how that access is setup. Does Mule still have that access or do we have it as well now?

I think it's with Mule. If there is nothing sensitive in the repo (eg no private keys, etc), then I want to transfer ownership to the Wikimedia Github org and make it open so this kind of thing is easier to solve.

@Slaporte - I am checking with Mule right now on if they still have access. Can we change ownership without moving it off Wordpress server? Sorry - I have not looked into any of this in like a year so playing memory catchup and do not recall where things were left in terms of access to the Wordpress hosted repo. :)

I'll follow up with you via email. There are a few steps before we change ownership.

I can still reproduce the problem.
Ping @Slaporte

This task has been assigned to the same task owner for more than two years. Resetting task assignee due to inactivity, to decrease task cookie-licking and to get a slightly more realistic overview of plans. Please feel free to assign this task to yourself again if you still realistically work or plan to work on this task - it would be welcome!

For tips how to manage individual work in Phabricator (noisy notifications, lists of task, etc.), see for available options.
(For the records, two emails were sent to assignee addresses before resetting assignees. See T228575 for more info and for potential feedback. Thanks!)

Aklapper renamed this task from Policy listserv link on doesn't actually sign people up for the mailing list to publicpolicy@ listserv link on throws error "There was no hidden token in your submission or it was corrupted."; people cannot subscribe.Nov 7 2020, 9:32 AM
Aklapper removed subscribers: Jbarbara, MelodyKramer.

On , entering an email address under "Keep up-to-date with Wikimedia’s policy initiatives" and clicking "Join" goes to and says:

Publicpolicy Subscription results
There was no hidden token in your submission or it was corrupted.
You must GET the form before submitting it.

(See /Mailman/Cgi/ triggering that.)

Going to and subscribing says

Publicpolicy Subscription results
Your subscription request has been received, and will soon be acted upon.

but I receive a confirmation email as expected.

Change 724087 had a related patch set uploaded (by Legoktm; author: Legoktm):

[operations/puppet@production] mailman: Redirect /mailman/subscribe/$listname URLs too

The problem here is:

<form method="POST" action="">
  <input type="email" name="email" size="30" value="" placeholder="email address" class="email-input">
  <input type="Submit" name="email-button" value="Join" class="email-submit button button-blue">

for a few years now, Mailman has required as CSRF token and with Mailman3 the form+URL has changed entirely. I would suggest this form just be replaced with a link to the publicpolicy postorius page.

The redirect I'm going to add will at least send people there, but it'll be a bit confusing since they entered their email to subscribe, and now they're being directed to a totally different page, and they're not subscribed yet.

Change 724087 merged by Legoktm:

[operations/puppet@production] mailman: Redirect /mailman/subscribe/$listname URLs too