There’s been a forum thread or two around and a few support tickets mentioning that the follow an author link no longer works if you try and put it in a button in your item description or profile.
The short version: we’ve had to disable the link due to certain authors abusing it.
The long version (if you can be bothered):
The way we’d initially built the following system with Ajax didn’t follow security best practices. Usually when setting up a system like that you only allow the code on the other end of the URL to only accept POST requests. When you don’t you’re left with a bad situation where other people can trick you into visiting the URL and the action would be performed against your will. This blog post can give you a good overview of GET vs POST if you’re interested.
Anyways, by the time we’d figured out that we’d deployed something I’d describe as “not ideal” (perhaps a bit generous) it’d started being used in author profiles and item descriptions in a nice way, and no one was taking advantage of the security hole, so we decided to sit back and watch.
Unfortunately, some people started to abuse the feature and set things up to trap users into following them, and so we’ve had to disable the accidental feature we had.
In the longer term we’re hoping to build a little follow widget code you can put into item descriptions, but for right now we’re stuck in a nasty spot where we’re short staffed and can’t build the cool new feature to make up for it, but can’t leave a security hole wide open either when people know about it. Sorry we had to turn this off, and a bigger sorry for not actually writing this notice sooner (instead of waiting for complaints to come in), and hopefully we can do something nice for you all soon to make up for it.
Hm. Well I hope at least the problem authors were completely banned.
Looking forward to editing the item pages for my entire portfolio.
I remember in the past, after visiting some author’s profile and item ads, I was added to their follower list unintentionally. Observed it for more than an year with confusion.
Maybe an idea would be to create an additional button on the sale page beside the “View Portfolio” ?
any chance you can redirect the url to take you to the users profile?
Just so all those links that are now spread around the site can be utilized
Have already redirected links to profile page, but would be great to have this announcement on Dashboard for everyone to notice.
- Please read our community guidelines. Self promotion and discussion of piracy is not allowed.
- Open a support ticket if you would like specific help with your account, deposits or purchases.
- Item Support by authors is optional and may vary. Please see the Support tab on each item page.
Most of all, enjoy your time here. Thank you for being a valued Envato community member.