Thailand’s government IT hacks embarrassed themselves again Monday, rolling out a broken Thailand Pass registration website after a massive buildup and hype about its central role in powering the country’s reopening to foreign tourism.

But there’s a fix. Read on.

The government’s information-technology efforts long have had a putrid reputation for crashes, dysfunction, data leaks and hacks. Thailand Pass surpassed all prior flops.

The system, which replaces the paper Certificate of Entry to allow fully vaccinated foreign tourists to enter the country with minimal quarantine and lots of hassle and cost, suffered from its first moments with system timeouts, missing drop-down menus and, stupefying design flaws.

The most-serious of them impact those who received the one-dose Johnson & Johnson Covid-19 vaccine. Thailand Pass insisted on J&J recipients uploading proof of having received two doses.

The showstopper for nearly everyone, however, was an “advanced programming interface”, or API, error at final submission. If you managed to make it to the last page, you were thwarted by an error that is the result of piss-poor programming, pure and simple.

As of midnight Monday, there was no response or comment from the Ministry of Foreign Affairs, which runs the website, nor any of the government’s tech minions. But workarounds have surfaced.

Workaround #1: Need More Space

Thais coded this web application, so why should they consider anyone who isn’t Thai? That apparently was the thinking of the monkeys at the keyboards. They programmed the site to accept on Thailand government identification card numbers in the passport field, even though passport numbers are shorter.

Of course, the site doesn’t throw up an error pointing to this flaw, but people figured it out: Put an extra space (or two or four, depending on the advice on Twitter), and your application will go through without the dreaded “Error in API Server” message.

Workaround #2: Use a Chrome Extension

The error in the Thailand Pass web application also may be tied to a very technical problem related to Javascript security in your web browser, called CORS or “Cross Origin Resource Sharing”. CORS is blocked in modern browsers by default in their JavaScript APIs.

Thailand’s crack programmers used the technique anyway. Even freshman web-programming students would know better.

One solution is to use Google’s Chrome browser to submit your Thailand Pass application, using a free “extension” called Allow CORS. Here’s what to do.

  • Open Chrome and get the Allow CORS extension, which can be downloaded here. Pin it to the browser bar.
  • Go to Thailand Pass and turn on Allow CORS by clicking the extension’s button and then the big “C” icon to turn it on. The button should now be in color, not gray.
  • Complete your application. Where it asks for a passport number, add an extra space.
  • On the final page, click “submit”. The application should go through.

Note: No one, including us, has received any email confirmation that the application was submitted. The government’s first attempt at a vaccine-registration website also suffered from this flaw. It seems they never learn.

Hopefully, by tomorrow, the bugs will be killed and confirmations sent. But, then again, This Is Thailand.