You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
we use a # in our link for password rest. Therefore we set the PASSWORD_RESET_URL_ALLOW_LIST as follows: PASSWORD_RESET_URL_ALLOW_LIST='https://URL/app/#/password/reset/'
The system generates the following url https://URL/app?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6InNvZmlhQGx1ZGVzY2hlci5hdCIsInNjb3BlIjoicGFzc3dvcmQtcmVzZXQiLCJoYXNoIjoiN2Q2NmEyOGYiLCJpYXQiOjE2NTE0NzU1NDgsImV4cCI6MTY1MTU2MTk0OCwiaXNzIjoiZGlyZWN0dXMifQ.8LC5tbTGBcmSanifhrx_8nkkUzOEnRdYbYEC_wHRHEI#/password/reset
instead of https://URL/app/#/password/reset/?token=....
The token will be inserted in before the # in the provided url.
The problem is in the requestPasswordReset function of the node_modules/directus/dist/services/users.js file
To Reproduce
see above
Errors Shown
none
What version of Directus are you using?
9.9.1
What version of Node.js are you using?
v16.13.2
What database are you using?
mysql
What browser are you using?
Safari and Chrome
How are you deploying Directus?
locally
The text was updated successfully, but these errors were encountered:
ludi81
changed the title
PASSWORD_RESET_URL_ALLOW_LIST with includes a # generates a invalid link in the email
PASSWORD_RESET_URL_ALLOW_LIST with includes a # generates an invalid link in the email
May 2, 2022
Describe the Bug
Hi,
we use a # in our link for password rest. Therefore we set the PASSWORD_RESET_URL_ALLOW_LIST as follows:
PASSWORD_RESET_URL_ALLOW_LIST='https://URL/app/#/password/reset/'
The system generates the following url
https://URL/app?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6InNvZmlhQGx1ZGVzY2hlci5hdCIsInNjb3BlIjoicGFzc3dvcmQtcmVzZXQiLCJoYXNoIjoiN2Q2NmEyOGYiLCJpYXQiOjE2NTE0NzU1NDgsImV4cCI6MTY1MTU2MTk0OCwiaXNzIjoiZGlyZWN0dXMifQ.8LC5tbTGBcmSanifhrx_8nkkUzOEnRdYbYEC_wHRHEI#/password/reset
instead of
https://URL/app/#/password/reset/?token=....
The token will be inserted in before the # in the provided url.
The problem is in the requestPasswordReset function of the node_modules/directus/dist/services/users.js file
To Reproduce
see above
Errors Shown
none
What version of Directus are you using?
9.9.1
What version of Node.js are you using?
v16.13.2
What database are you using?
mysql
What browser are you using?
Safari and Chrome
How are you deploying Directus?
locally
The text was updated successfully, but these errors were encountered: