Opened 4 years ago
Closed 4 years ago
#52406 closed task (blessed) (fixed)
Extend the validity period of the comment moderation hash
Reported by: | johnbillion | Owned by: | johnbillion |
---|---|---|---|
Milestone: | 5.7 | Priority: | normal |
Severity: | normal | Version: | 5.7 |
Component: | Comments | Keywords: | has-patch commit |
Focuses: | accessibility | Cc: |
Description
When a visitor submits a comment and it gets held for moderation, a moderation-hash
query variable is added to the redirect URL so the moderated comment can be seen by the visitor. This was introduced in [47887] for #49956.
The moderation hash is valid for any length of time but it's only respected for one minute (ref, ref).
Since [50109] commenters can opt-in to receiving an email notification when their moderated comment gets approved, and this feature uses the same moderation hash.
The problem is that the one minute window also applies to submitting the notification opt-in form and reloading the page a second time. If you're on a slow connection, you're using assistive technology, or you're a slow reader or slow decision maker, you can easily take longer than 60 seconds to submit this form.
I propose extending the time that the moderation hash is respected to ten minutes. Any objections?
cc @whyisjake @peterwilsoncc @jonkolbert @ayeshrajans @imath
Attachments (2)
Change History (14)
#2
@
4 years ago
Hi thanks @johnbillion for opening this ticket & @joedolson for this a11y concern. Maybe we could fix this ticket in 2 steps?
- Extend time to 10 minutes for 5.7
- Improve this including controls into the form to manage this timing when commenter has not opted in to cookies.
I believe 2 should need some JavaScript to inform about the remaining time.
#3
@
4 years ago
- Milestone changed from 5.7 to 5.8
5.7 Beta 1 is happening in about 25 minutes. Ran out of time to get this ticket into the release. Punting to 5.8.
If any maintainer or committer feels this can be resolved in time, or wishes to assume ownership during a specific cycle, feel free to update the milestone accordingly.
#4
@
4 years ago
@joedolson While indicating how much longer the link is valid for seems like a good idea, I worry about allowing users to extend it via the UI. Allowing users to turn it off would introduce the problem in #49956, either allowing them to adjust or extend it seems to partially reintroduce the bug as spammers would be able to exploit it.
I'm happy if people decide to extend the timeout from one minute, I'll review [50109] for the additional context.
#5
@
4 years ago
- Milestone changed from 5.8 to 5.7
- Type changed from enhancement to task (blessed)
As this is an issue that was introduced in 5.7 ([50109]), I'd like to move this back to the 5.7 milestone. I think we can reclassify this as a task that is an extension of the already committed feature.
This ticket was mentioned in Slack in #accessibility by ryokuhi. View the logs.
4 years ago
#7
@
4 years ago
- Keywords dev-feedback removed
Summary of discussion in the #accessibility channel today:
- If a user misses the time window then it does honour their request to be notified of the approval, they just don't see a confirmation message and their unapproved comment disappears.
- It was agreed that 10 minutes is likely sufficient time for any user to submit the opt-in form, although this isn't based on any research.
- It was suggested to split the display of the confirmation message (after submitting the opt-in form) from the display of the pending comment, which would allow the former to have no time limit and the latter to remain visible only within a short window.
- It might be too late to refactor the confirmation message for 5.7, unless someone wants to own that.
It would be great to do the latter for 5.7 but my preference would be to bump the time limit to 10 minutes and work on a solid improvement for 5.8.
Any objections?
#8
@
4 years ago
That sounds like a fair way to go forward for now. Get the 10min time limit in place and then make further improvements for 5.8.
#10
@
4 years ago
- Keywords has-patch added; needs-patch removed
52406.diff increases the moderated comment window from 1 minute to 10. Screenshot above of HTTP response headers showing a 10 minute window.
From an accessibility perspective, any interface where timing matters should allow the timing to be a) exposed to the user and b) adjustable by the user. So for best practices on accessibility, we should add an indicator telling the user how much time they have left to complete this form with the option to extend it.
There are a few options for how this can be handled, see https://www.w3.org/TR/UNDERSTANDING-WCAG20/time-limits-required-behaviors.html