Stumbling across a website registration bug

I’m pretty sure I have many more issues with website registrations than the average person. Between sites that don’t recognize abc+filter@domain.com as a valid email address and those with password requirements too weak for my standards, frustration is not uncommon. However, I found a winner tonight where I discovered an actual bug in the implementation of the registration form. All URLs and other information in this post are have been modified for obvious reasons. Anyway, here’s how the story goes:

Upon clicking “Register”, the only thing that happens is a cryptic error code appears at the top of the form. Initially, I figured there was a problem on my end. That happens all of the time too – between Ghostery and a large hosts file blacklist, websites breaking is becoming a near daily occurrence for me. So, I tried again on my laptop using a different browser, where none of the blocking is present, and got the same result. As someone who would rather debug someone else’s website than have to talk to someone over the phone for support, well, that’s exactly what I did.

Next step: try again with Firefox’s network inspector open. Immediate progress when the POST request for submitting the form comes back with a 401 Unauthorized response. You don’t see 401s every day. Ok, it’s probably a server issue, but I’ll look closer anyway. Firefox’s parsing of the request is a dead giveaway that there’s something wrong with the request itself.

Continue reading