Thats top notch design.
All actions happening on the page go to one endpoint. Removing old trusted computers, changing the password, changing 2FA, you name it.

Now if you want to remove all old trusted devices, you cannot remove all at once, there is no button for it. So you click one after the other. And then it stops working. Ok, then do the normal password rotation. Hmm, button has a loading spinner and then nothing happens.

Looking into the browser console:
- All requests go to /myaccount/security/graphql
- All requests get a 429 Too many requests
- Even if you just click a panel, it tracks the action to the graphql endpoint. Or at least tries to because even that gets shot down with a 429

Pretty dumb, eh? Must be some small shitty website. It's not. It's fucking paypal.

  • 2
    I'm not surprized - it's been utter garbage for the past 2-3 years only making it worse and worse with each "refinement" iteration. Sometimes you can't even make a payment because the loading reaches timeout or returns 503 and you're left wondering like a f**ktard if it's just a "well it doesn't work on my computer" on your side up until you look at the s**t piled up in the briwser console, after which you're left scratching your head with questions like "wait, so why is everyone using this?" and "so how did they get to keep their certifications as an authorized payment processor?".
Add Comment