Last modified: 2013-04-08 17:25:50 UTC
Users need cookies enabled for session handling on the credit card form to prevent CSRF. At the moment, depending on the particular form the user sees, they can either be entered into an infinite loop of the credit card form refreshing -or- they can still transparently go through the process, although it is a security vulnerability.
What was the trick again (apart from deleting cookies) to get the donation banners displayed again? Adding some parameter to the URL, I assume? Or is that documented somewhere for testers? Would love to check if this is still a problem nowadays.
There are two 'tricks', if you will. One is adding &reset=1 (and possibly &banner= a banner name from CN if there are no banners currently being run). The other is to delete the 'centralnotice_fundraising' cookie if it exists (this sets the hide flag which will stop CN from even requesting a banner).