Onebox is breaking golden tickets


(Marta) #1

I noticed this after brief chat with beginner Monzonaut via PMs. I provided fresh ticket and she said it was already used. I knew it wasn’t used, and it was quite easy to figure out a pattern.

Somehow onebox that shows preview of monzo ticket already redirects and opening link directly doesn’t work.
When user clicks direct https://goo.gl/something url, ticket shows as valid.

It probably has big impact on tickets in Golden ticket thread, they look gone, but they are not! :frowning:

To reproduce, click this: https://goo.gl/fdVbKl - this works

Below is same link, just in onebox - doesn’t work.


Give/Request Golden Tickets 🎫 / Jump The Queue
Community Digest 16/06/17
(Eve) #2

Thanks for the tip-off! I reported it in the in-app help yesterday too


(Marta) #3

Funnily enough, someone grabbed this ticket quite quickly after I made this post, so my example no longer works. I probably shouldn’t have link it on Golden ticket thread. :wink: Clever people!

It’s easy to set up own example, even using reply box and preview on the right.


(Rika Raybould) #4

I’ll try and take a look at it during some of my free time today. No promises though. :slight_smile:


(Rika Raybould) #5

Got it, Discourse has tried to convert all the &s in the URL to & somewhere in the URL expanding and rendering. If anybody is better at Ruby than I am, the gem that provides oneboxing to Discourse is on GitHub and I think this section is somewhat related to the behaviour we’re seeing, even if it’s not the cause. :confused:


(Alex Sherwood) #6

Nice research :slight_smile: I’ve asked one of the Monzo Engineers if they could take a look at this…


(Marta) #7

That was done for security reasons, this decision is more explained here:


(Simon B) #8

We’ve noticed that Facebook Messenger also breaks Golden Tickets.


(Marta) #9

Monzoooo, any update on fixing this problem? :sob: