Ever since this started rolling out, the forum pages have a too frequent tendency to refresh itself whenever a link is clicked after some time has passed. Would appreciate this being fixed so I don’t have to deal with random reloading of the forum.
2 Likes
I’m doing this a lot as well, my muscle memory will take a while to catch up. This is pretty annoying because the forum takes a while to load from another page.
Not sure if it’s just me but the nav feels a little unresponsive on the forum side? E.g. forum takes longer to load sometimes than I expect, or clicking the create nav buttons on the new top bar don’t kick off any loading animations anywhere, not even in the browser.
2 Likes
This is how it should look like. Still doesn’t fix for the muscle memory when you want to go to the home page of the Devforum, clicking on the top left leads you to the Creative Hub now.
4 Likes
This update is actually amazing for me, as I have everything in one place! Though, some few design issues I have with it:
Are they changing this forum every day? Seems like a new font again. This one makes me feel like i’m reading all caps even though its not all caps.
I think its because the lower case letters are almost as tall as the upper case ones:
I created a script for people that might want to revert it to the old version, check the reply above.
Pretty decent change, but it is kinda clunky to use the forum.
I especially dislike that these arent combined.
2 Likes
We’ve seen both issues and will fix, thanks!
4 Likes
nice! i am glad the dev form has been integrated into the creator dashboard! its a lot more convenient now to goto now, considering i spend about 70% of my time as a dev on the website, within the creator’s dashboard.
Let me explain, so basically Discourse uses JS to use forum actions. I think mixing UIBlox with that Discourse JS could work out even better.
Hey folks! Thanks for your feedback so far.
We’ve updated the nav scroll behavior so it condenses into an icon instead of “Forum” (or just “F…” on mobile devices). We also improved the look and position of the dropdown on mobile and fixed some padding issues.
9 Likes
I’m really satisfied with this change now that it works the way it does! I found that I’ve been spending less time navigating to the pages I’m trying to get to since this was implemented, especially since the forum is the first Roblox page I check.
4 Likes
While addressing the limitations is not urgent, they should eventually be addressed, because I have recently realized an issue that can arise from this which is that:
If you’re logged onto both the creator hub and forum through account A, then account A logs out of the creator hub, account A will still be logged onto the forum.
Now, if another account, account B, then logs onto the creator hub through the same device that account A used, account B will be able to access account A’s forum account. Account B doesn’t have to necessarily be an alternative account of account A, it can be any account.
These circumstances enable account B to be able to attack account A’s RDF (Roblox Developer Forum) account.
I had written to HackerOne discussing this further in depth and while attacks against account A’s forum account can theoretically occur due to these circumstances, this issue being practically exploited would be very rare as it requires the device of the victim instead of their session cookies. In other words, it requires an unlikely user interaction where the victim trusts someone with their device and then the victim is backstabbed by the person they trusted, through the Roblox Forum. Now, what are the chances of that happening? As the issue requires the victim’s device and an unlikely interaction (attacking through the RDF), H1 did not deem my report valid and closed it as informative. I can see why it was not a valid report.
However, the chance of this issue being exploited still exists even though it is near zero. I can see that near zero chance being higher than usual if the device is intended to be used by many people (for instance, computers in a public library, or computers in a school classroom used to teach a computer class).
So, I would suggest eventually implementing a session update sometime that ends both sessions if the creator hub session is ended on its own, to avoid a near impossible but not impossible attack situation.
1 Like
Please note that the current way the sessions are handled has been the status quo since 2013. This is not a new thing that there are different login sessions for the forum and for Creator Hub.
We mentioned a few times across the thread here that we’ll be working on smoothening out the differences between the two surfaces so they can eventually be merged. This is going to take some time since there are technical hurdles to overcome. Thanks for your patience here.
I saw the Hackerone ticket you submitted and I don’t believe there is a meaningful risk here. I think the difference in sessions is now just becoming more obvious because this is the first time we’re properly showing it on the devforum. Again we will work on resolving the UX inconvenience here in the future.
2 Likes
This topic was automatically closed 120 days after the last reply. New replies are no longer allowed.