The user is redirected to the Firefox Monitor homepage after refreshing the unsubscribe page #355

Closed
CiprianGeorgiu opened this issue Sep 6, 2018 · 6 comments

@CiprianGeorgiu CiprianGeorgiu commented Sep 6, 2018

[Affected versions]:

  • latest Nightly 64.0a1
  • Beta 63.0b3
  • Release 62.0

[Affected Platforms]:

  • Windows 10 x64
  • macOS 10.13
  • Ubuntu 16.04 x64

[Prerequisites]:

  • the user is already subscribed and has the "Firefox Monitor: Unsubscribe" page displayed

[Steps to reproduce]:

  1. Refresh the "Firefox Monitor: Unsubscribe" page.

[Expected result]:

  • The "Firefox Monitor: Unsubscribe" page remains displayed.

[Actual result]:

  • The user is redirected to the Firefox Monitor homepage.

[Regression]:

  • Not a regression.

[Additional info]:

  • see screencast

@groovecoder groovecoder commented Sep 6, 2018

Note: this is the fix for #316.

@jsavory - what should the user see if they refresh the unsubscribe page?

@lesleyjanenorton lesleyjanenorton self-assigned this Sep 9, 2018

@nhnt11 nhnt11 commented Sep 12, 2018

@groovecoder @lesleyjanenorton I think the "you are no longer subscribed" view should be separate from /user/unsubscribe - why not serve it as a static page or something so that the browser doesn't ask to resend post data?

@groovecoder groovecoder commented Sep 12, 2018

@nhnt11 interesting ...

In my head I'm avoiding any pages that say something like "You are no longer subscribed" (I'm still not sure I like the "This email address is not subscribed to Firefox Monitor") because I'm extra paranoid about user enumeration against this service. (@psiinon @moz-jvehent - should I be this paranoid?)

I think @lesleyjanenorton has a fix incoming for this though.

@groovecoder groovecoder commented Sep 12, 2018

This is closed as of #406.

Note: the intended behavior is now that refreshing the unsubscribe form after submitted feedback should show the user an error.

@jvehent jvehent commented Sep 13, 2018

> should I be this paranoid?

Probably. User enumerations aren't the worst of attacks, but since this is a security service, I think it's fair to take extra precautions.

@nhnt11 nhnt11 commented Sep 13, 2018

Cool, @groovecoder, I didn't mean to draw attention to the language, I was just using that phrase to identify the view I was talking about :) Anyway, looks like this has been taken care of!
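The two concerns raised in this thread, a confirmation view that does not re-send POST data on refresh and a response that does not reveal whether an address was subscribed, can be combined in one handler. The sketch below is an added example, not part of the thread, not Firefox Monitor code, and not the fix merged in #406. The token-keyed store, the `/user/unsubscribe/done` route and all function names are assumptions made for illustration.

```javascript
// Added example. Everything except the /user/unsubscribe path is hypothetical.

// Constructed sample data: unsubscribe tokens mapped to subscriber records.
function makeStore() {
  return new Map([
    ["tok-alice", { email: "alice@example.com", subscribed: true }],
  ]);
}

const DONE_PATH = "/user/unsubscribe/done"; // hypothetical static confirmation route
const DONE_BODY = "If this address was subscribed, it has been removed.";

// Framework-free request handler returning { status, headers, body }.
function handle(store, method, path, form = {}) {
  if (method === "POST" && path === "/user/unsubscribe") {
    const record = store.get(form.token);
    // Change state only when the token matches a live subscription...
    if (record && record.subscribed) record.subscribed = false;
    // ...but answer identically for success, unknown token and repeat
    // submission, so the response cannot confirm that an address exists.
    // 303 See Other makes the browser issue a GET next (Post/Redirect/Get).
    return { status: 303, headers: { Location: DONE_PATH }, body: "" };
  }
  if (method === "GET" && path === DONE_PATH) {
    // Static view: reads no per-user state, so a refresh repeats a plain GET
    // and the browser has no form data to offer to resend.
    return { status: 200, headers: { "Content-Type": "text/plain" }, body: DONE_BODY };
  }
  return { status: 404, headers: {}, body: "Not found" };
}

// Submit the form and follow the redirect the way a browser would.
function submitAndFollow(store, token) {
  const post = handle(store, "POST", "/user/unsubscribe", { token });
  const page = handle(store, "GET", post.headers.Location);
  return { post, page };
}
```

Identical status, headers and body do not rule out a timing difference between the branch that updates a record and the one that does not; that would need to be measured separately.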
