- Issue created by @jkamizato
- 🇨🇦Canada danrod Ottawa
Did you try restricting /antibot to GET requests only and then do a POST request to your form?
- 🇨🇦Canada danrod Ottawa
I sent a POST request to
/antibot
:I get the "Submission failed" error:
I applied your suggested fix and I tried sending repeated submissions to a page with form validation issues:
https://www.drupal.org/files/issues/2025-03-20/antibot_post4.png →
And I ran into this issue:
Symfony\Component\HttpKernel\Exception\MethodNotAllowedHttpException: No route found for "POST http://drupal.11.0.10.ddev.site/antibot": Method Not Allowed (Allow: GET, HEAD) in Symfony\Component\HttpKernel\EventListener\RouterListener->onKernelRequest() (line 153 of /var/www/html/vendor/symfony/http-kernel/EventListener/RouterListener.php).
I reverted the MR and I got the expected result after trying to abuse the form:
So I believe the abused form passes some POST requests to
/antibot
for some reason