From 9f8854efa52ffdcccac51cac133f36be5d3806c0 Mon Sep 17 00:00:00 2001
From: isUnknown
Date: Thu, 19 Mar 2026 07:15:44 +0100
Subject: [PATCH] Fix: suppression du timing check (faux positifs sur desktop)
Co-Authored-By: Claude Sonnet 4.6
---
 site/config/routes/download-white-paper.php | 6 ------
 src/views/WhitePaper.svelte | 11 +++--------
 2 files changed, 3 insertions(+), 14 deletions(-)
diff --git a/site/config/routes/download-white-paper.php b/site/config/routes/download-white-paper.php
index 218e787..41d93aa 100644
--- a/site/config/routes/download-white-paper.php
+++ b/site/config/routes/download-white-paper.php
@@ -24,12 +24,6 @@ return [
 wpReject(400, 'Bad request');
 }
- // ── Timing check (min 3 s) ────────────────────────────────
- $openedAt = isset($body['_t']) ? (int)$body['_t'] : 0;
- if ($openedAt === 0 || (time() * 1000 - $openedAt) < 3000) {
- wpReject(400, 'Too fast');
- }
-
 // ── Rate limiting (5 req / hour / IP) ─────────────────────
 $ip = $_SERVER['HTTP_X_FORWARDED_FOR'] ?? $_SERVER['REMOTE_ADDR'] ?? 'unknown';
 $cacheKey = 'wp-dl-' . md5($ip);
diff --git a/src/views/WhitePaper.svelte b/src/views/WhitePaper.svelte
index 31f0871..3f0a9fd 100644
--- a/src/views/WhitePaper.svelte
+++ b/src/views/WhitePaper.svelte
@@ -13,12 +13,7 @@
 let submitting = $state(false)
 let status = $state(null) // null | 'success' | 'error'
 let showForm = $state(false)
- let honeypot = $state('')
- let formOpenedAt = $state(0)
-
- $effect(() => {
- if (showForm && formOpenedAt === 0) formOpenedAt = Date.now()
- })
+ let honeypot = $state('')
 let isEmailValid = $derived.by(() => {
 const emailValidator = /^[\w\-\.]+@([\w-]+\.)+[\w-]{2,}$/gm
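Review bot: The rate limiter left as the main server-side throttle in download-white-paper.php keys on `$_SERVER['HTTP_X_FORWARDED_FOR']` (the `$ip = …` context line just after the removed timing check), and that header is supplied by the client. Because the cache key is `'wp-dl-' . md5($ip)`, the 5 req/hour/IP limit is only as reliable as that header, which matters more now that the timing check no longer backs it up. Unless the site is known to sit behind a reverse proxy that overwrites the header, I would use `$ip = $_SERVER['REMOTE_ADDR'] ?? 'unknown';`, and behind a proxy take only the address the trusted proxy appended rather than the raw header value. The route closure begins and ends outside this hunk, so the deployment topology cannot be confirmed from here.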
@@ -39,7 +34,7 @@
 const res = await fetch(`${prefix}/${data.uri}/download`, {
 method: 'POST',
 headers: { 'Content-Type': 'application/json' },
- body: JSON.stringify({ firstName, lastName, company, role, email, _hp: honeypot, _t: formOpenedAt })
+ body: JSON.stringify({ firstName, lastName, company, role, email, _hp: honeypot })
 })
 const result = await res.json()
 if (result.fileUrl) {
@@ -167,7 +162,7 @@
 font-family: "Danzza", sans-serif;
 font-size: var(--font-size-paragraph);
 opacity: 0.8;
- max-width: 480px;
+ max-width: 90%;
 }
 /* Mobile trigger: hidden on desktop */