Page MenuHomePhabricator

India: prevent URL from seeming to offer a recurring option
Closed, ResolvedPublic


The India donor in 614821 tried to modify the donation URL (from the Ways to Give page) to create a monthly recurring card option. Is there a way to modify the page to prevent similar attempts from progressing as far as they got?

They used:

Because Adyen is still one-time only, we're thinking we may see more more donors try this in India (and maybe France as well?) If it's easy to change this, it would great to prevent them from getting so far.

Thanks, @krobinson for triaging this one!

Event Timeline

We've seen a few more examples of this: #760986; 763345 (among others).

Rakhi and I think we may see more once the campaign goes live as many donors in India use VPN and then just change the URL to IN from US or whatever.

Is there any workaround on the horizon @MBeat33 @Pcoombe ? Agents now know how to respond, but it might be handy if we could ensure donors who hack the link don't stumble across a monthly option.

Pcoombe renamed this task from Adyen & India: prevent URL from seeming to offer a recurring option to India: prevent URL from seeming to offer a recurring option.Jul 27 2020, 11:51 AM
Pcoombe claimed this task.
Pcoombe edited projects, added; removed FR-Adyen.

Okay, this is done. I moved the logic which hides the monthly option for certain countries into DonationForm.js. If the monthly option is hidden, then adding monthly=true in the URL will do nothing and the user will just get a one-time form. Diff of code change.

Examples for India, Argentina

Countries where we currently hide the monthly option are AR, CL, CO, MX, PE, BR, IN