Open Bug 1262893 Opened 5 years ago Updated 5 years ago
Change newsletter subscription confirm page to require a button click to confirm
Currently the token (subscription) is confirmed simply by visiting the confirmation URL the subscriber found in their email. We should require an additional user action (a button click) to help prevent accidental confirmations as well as to prevent accidental automated confirmations if an email spam prevention measure hits URLs in emails looking for dead or harmful links or redirects.
Thanks pmac. I'll add this to the backlog of ideas to explore and potentially implement post our CRM integration work.
If you do add a button, please please please add an anti-CSRF token so it can't be spammed.
Although, short of something like a CAPTCHA, that won't stop scripted spam attacks.
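Added example, not part of the bug thread or the project's code: a minimal sketch of the flow discussed above, in which visiting the emailed URL (GET) only renders a form and a button click (POST) carrying an anti-CSRF token performs the confirmation. The names `confirm_view`, `csrf_for`, `SUBSCRIPTIONS` and the session id argument are hypothetical, and the sample token is constructed.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)       # server-side secret (assumption: kept per deployment)
SUBSCRIPTIONS = {"tok-abc123": False}      # constructed sample: emailed token -> confirmed?


def csrf_for(session_id, sub_token):
    """Anti-CSRF value bound to the browser session and the subscription token."""
    msg = f"{session_id}:{sub_token}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def confirm_view(method, sub_token, session_id, form=None):
    """Return (status, body). GET has no side effects; only a valid POST confirms."""
    if sub_token not in SUBSCRIPTIONS:
        return 404, "unknown token"
    if method == "GET":
        # A mail scanner or link prefetcher following the URL stops here:
        # it receives the form and token, and nothing is confirmed.
        return 200, {"csrf": csrf_for(session_id, sub_token)}
    if method == "POST":
        supplied = (form or {}).get("csrf", "")
        expected = csrf_for(session_id, sub_token)
        # Constant-time comparison; encode so non-ASCII input cannot raise.
        if not hmac.compare_digest(supplied.encode(), expected.encode()):
            return 403, "bad csrf token"
        SUBSCRIPTIONS[sub_token] = True
        return 200, "confirmed"
    return 405, "method not allowed"
```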