Joe Payne2  
#1 Posted : Thursday, April 21, 2022 1:31:05 PM(UTC)
This sounds interesting. How does it work?

shaharyar  
#2 Posted : Friday, April 22, 2022 1:59:11 AM(UTC)
This was implemented to avoid invalid bot requests. We have included a check to restrict POST requests without cookies.
POST requests without cookies will be given a BadRequest response.
Joe Payne2  
#3 Posted : Friday, April 22, 2022 7:44:55 AM(UTC)
Sounds like that will reduce the error log spamming on AddToCart and other random endpoints?
shaharyar  
#4 Posted : Friday, April 22, 2022 8:03:06 AM(UTC)
You got it right!
Joe Payne @ Solunar  
#5 Posted : Monday, May 2, 2022 7:50:40 AM(UTC)
Unfortunately this didn't work for us. We deployed our 9.0.6 upgrade this morning and we're already seeing /product/addtocart errors in the log.

I wonder if there's some sort of detail I could capture and log about the request to help me identify the bot involved? Maybe then I could find a common attribute that helps me detect them better than just the cookie test.
Joe Payne, AbleMods Hosting LLC
https://www.ablemodshosting.com
Joe Payne2  
#6 Posted : Monday, May 2, 2022 4:42:35 PM(UTC)
So I finally figured this out...

Background:
Our error log is flooded with /product/addtocart errors like this
Quote:
The parameters dictionary contains a null entry for parameter 'productId' of non-nullable type 'System.Int32' for method 'System.Web.Mvc.ActionResult AddToCart(Int32)' in 'AbleCommerce.Controllers.ProductController'. An optional parameter must be a reference type, a nullable type, or be declared as an optional parameter.


At first this makes sense. In ProductController.cs, there is an endpoint AddToCart(int productId). So I naturally assumed the url causing the error would be /product/addtocart?productId= or simply /product/addtocart

First Clue:
However, this is happening with the Cart button in BuyProductDialog. And THAT button uses a form post, not a url parameter. So in the ProtectFromBots[] I was able to expose the actual action attributes with filterContext.ActionParameters. This gave me a surprise, because there was no specific 'productId'. It's a page model being passed, and ProductId is a property in THAT PAGE MODEL. So MVC picks it up and hands it to the Action method.

Second Clue:
Doing a breakpoint in ProtectFromBots[] showed me it's actually getting hit TWICE for a single add-to-cart click. That definitely shouldn't be the case. The first hit is generating the exception above, the second hit properly passes the model which contains the correct ProductId value.

So that means the add-to-cart button is firing twice when clicked. I quickly compared the add-to-cart button on the buy-product-dialog to the add-to-cart button in the _AddToCart.cshtml and there is one KEY difference: an additional CSS class 'btn-add-to-cart' which is not present on the button in BuyProductDialog. And if you search for that CSS class, you find that /script/app.js hooks a click event to every button with that CSS class....

And that click event makes an AJAX call to /product/addtocart passing only ProductId.

The site designer we hired thought that was just a CSS class, so they used it again on BuyProductDialog to style the button. She had no idea it was also being used as a way to flag certain HTML controls for additional javascript behaviors.

So for 6 months I've been pecking at the problem where my add-to-cart was firing twice, and it all boiled down to the addition of one CSS class to one button on one page.

You guys can't use CSS classes as a way to identify html controls that fire ajax calls without at least validating the necessary AJAX data payload actually exists. You have no idea how much time this has cost me.........
Joe Payne2  
#7 Posted : Tuesday, May 3, 2022 6:28:06 AM(UTC)
Simple solution: modify /scripts/app.js to test the productId value before making the ajax call

Code:

//ADD TO CART AJAX LISTENER
$(function () {
    $(document).on('click', ".btn-add-to-cart", function () {
        // 5-3-2022 begin mod
        // only make the ajax call if we have a product id 
        var prodId = $(this).data('productid');

        if (prodId) {
            $.ajax({
                url: AppPath + "/Product/AddToCart",
                type: "POST",
                data: {
                    ProductId: prodId
                }
            }).done(function (data) {
                onAddedToCart(data);
            }).fail(function (err) {
                console.log(err);
            });
        }
        // end mod
    });
});
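
One way to answer the logging question from post #5 using what post #6 found, as an added example that is not part of the original thread or of AbleCommerce: it triages logged /product/addtocart POSTs so that a cookie-bearing, same-site AJAX request with no ProductId, followed by a valid request from the same session, is labelled a double-firing button rather than a bot. The record fields, host name and time window are assumptions, and the sample records are constructed.

```javascript
// Constructed sample records: fields a server-side filter could log for each
// POST to /product/addtocart. Field names are assumptions, not AbleCommerce's.
// "xhr" means the X-Requested-With: XMLHttpRequest header was present, which
// jQuery's $.ajax adds to same-origin calls; a plain form post does not send it.
const SAMPLE_REQUESTS = [
  { t: 1000, session: "s1", hasCookies: true,  xhr: true,  refererHost: "shop.example", productId: null },
  { t: 1040, session: "s1", hasCookies: true,  xhr: false, refererHost: "shop.example", productId: 42 },
  { t: 5000, session: null, hasCookies: false, xhr: false, refererHost: null,           productId: null },
  { t: 9000, session: "s2", hasCookies: true,  xhr: true,  refererHost: "shop.example", productId: 7 },
  { t: 9500, session: "s3", hasCookies: true,  xhr: true,  refererHost: "shop.example", productId: null },
];

const SITE_HOST = "shop.example"; // assumed storefront host
const PAIR_WINDOW_MS = 2000;      // assumed window for "same click"

function classify(req, all) {
  // Cookie-less POSTs are the case the cookie check described in post #2 rejects.
  if (!req.hasCookies) return "cookieless-post";
  if (req.productId != null) return "ok";
  // Missing id, but sent with cookies by script on our own pages?
  const firstParty = req.xhr && req.refererHost === SITE_HOST;
  if (!firstParty) return "unknown-client-missing-id";
  // A valid request from the same session right next to it points at one
  // click firing two requests, as found in post #6.
  const paired = all.some(o => o !== req && o.session === req.session &&
    o.productId != null && Math.abs(o.t - req.t) <= PAIR_WINDOW_MS);
  return paired ? "first-party-double-fire" : "first-party-missing-id";
}

function triage(requests) {
  const counts = {};
  for (const r of requests) {
    const label = classify(r, requests);
    counts[label] = (counts[label] || 0) + 1;
  }
  return counts;
}

console.log(triage(SAMPLE_REQUESTS));
```

Requests labelled first-party carry cookies, so a cookie test alone will not filter them; they indicate a problem in the site's own markup or script.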