View Issue Details

ID: 0007891
Project: OXID eShop (all versions)
Category: 1.08. Listmania, Notice list, Gift registry
View Status: public
Last Update: 2026-02-04 16:32
Reporter: mboesing-tqgg
Assigned To:
Priority: none
Severity: major
Reproducibility: always
Status: new
Resolution: open
Product Version: 7.3.0
Summary: 0007891: Adding multiple items to noticelist at once causes performance issues
Description: When adding multiple items at once to the noticelist, one can find that the loading time of each request increases the more requests there are open. Especially in the basket, that is a problem since the basket is not reloading but sending requests via XHR.

Steps To Reproduce: I was able to reproduce the issue in the demoshop as well (we had that in our shop but even worse).

First way to reproduce:
1. Add 10-15 articles into the basket (the higher the amount of a single article, the more the performance will decrease)
2. Navigate to the basket overview
3. Execute the following JavaScript via the console and check the network tab to track loading times
```
Array.from(document.getElementsByName('removeBtn'))
  .filter(el => el.title === 'Auf die Merkliste')
  .forEach(el => el.click());
```

Second way to reproduce:

1. Navigate to a category which has multiple articles, i.e. https://demoshop.oxid-esales.com/Ersatzteile/Karosserie/
2. Run the following JavaScript via the console (I am aware that this is not possible as clicking it as a human being would reload the page - this is just to show the underlying issue)

```
document
  .querySelectorAll('a[aria-label^="Auf den Merkzettel"]')
  .forEach(el => {
    fetch(el.href, {
      method: 'GET',
      credentials: 'same-origin'
    });
  });
```
Additional Information: We just stumbled upon this problem since we detected outages due to this endpoint.
After investigating, there were a bunch of requests sent to this endpoint at an inhuman request rate.
It seems that we have a customer who is trying to auto-buy articles via some "bot" which is actually clicking on the website.
For whatever reason, this bot seems to use the "tonoticelist" feature (maybe because the button is named `removeBtn`) instead of clicking the `delete` button.

The "customer" has 100+ articles in his basket and it seems that he wants to remove many of them. Since every click on that `star` icon for the "move to noticelist" feature is also causing a `POST` request afterwards to change the basket amount of that article, that ramps up hundreds of parallel requests which then cause overall system performance problems. The same can be seen in the OXID demoshop and thus is not just related to our setup.

We are now disabling the feature on our side (sadly there is no OXID feature toggle for that) to prevent users from potentially DDoSing our server, but I'd love to see this investigated by OXID, as it seems odd to me that it is possible to decrease overall system performance by calling some requests.
Tags: No tags attached.
Theme: Apex
Browser: Not defined
PHP Version: 8.4
Database Version: MySQL 8.0

Activities

There are no notes attached to this issue.
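
One way to spot the request pattern described under Additional Information, as an added example that is not part of the original report or OXID's code: a sliding-window count per session over access-log lines. The log format, the `fnc=tonoticelist` URL shape, the `changebasket` action name and both thresholds are assumptions; the sample lines are constructed.

```javascript
// Added example: flag clients that call the noticelist action at a non-human rate.
const WINDOW_MS = 2000;  // sliding window length (assumed threshold)
const MAX_IN_WINDOW = 5; // more hits than this per window counts as automated (assumed)

// Constructed sample log; the "<ISO time> <session id> <method> <url>" format
// and the URL shape are assumptions, not taken from a real shop log.
const BASE = Date.parse('2026-02-04T10:00:00.000Z');
const line = (ms, sess, method, fnc) =>
  `${new Date(BASE + ms).toISOString()} ${sess} ${method} /index.php?cl=basket&fnc=${fnc}&aid=x`;
const SAMPLE_LOG = [
  // 12 noticelist calls 50 ms apart from one session (the bot-like pattern)
  ...Array.from({ length: 12 }, (_, i) => line(i * 50, 'sess-bot', 'GET', 'tonoticelist')),
  // a person adding three items, several seconds apart
  ...[0, 4000, 8000].map(ms => line(ms, 'sess-human', 'GET', 'tonoticelist')),
  // unrelated action (name assumed) and a malformed line: both must be ignored
  line(100, 'sess-human', 'POST', 'changebasket'),
  'garbage',
];

function parseLine(text) {
  const [ts, client, method, url] = text.split(' ');
  const time = Date.parse(ts);
  if (Number.isNaN(time) || !url) return null; // skip malformed lines
  const query = url.includes('?') ? url.slice(url.indexOf('?') + 1) : '';
  return { time, client, method, fnc: new URLSearchParams(query).get('fnc') };
}

// Returns [{ client, peak, total }] for clients whose peak count inside any
// WINDOW_MS-long window exceeds MAX_IN_WINDOW.
function findBursts(lines, action = 'tonoticelist') {
  const perClient = new Map();
  for (const text of lines) {
    const rec = parseLine(text);
    if (!rec || rec.fnc !== action) continue;
    if (!perClient.has(rec.client)) perClient.set(rec.client, []);
    perClient.get(rec.client).push(rec.time);
  }
  const flagged = [];
  for (const [client, times] of perClient) {
    times.sort((a, b) => a - b);
    let start = 0, peak = 0;
    for (let end = 0; end < times.length; end++) {
      while (times[end] - times[start] >= WINDOW_MS) start++; // shrink window
      peak = Math.max(peak, end - start + 1);
    }
    if (peak > MAX_IN_WINDOW) flagged.push({ client, peak, total: times.length });
  }
  return flagged;
}

console.log(findBursts(SAMPLE_LOG));
```

The same per-session window can back a rate limit in front of the endpoint instead of an after-the-fact report.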