This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
PASSWORD_RESET_URL_ALLOW_LIST with includes a # generates an invalid link in the email #13078
Comments
ludi81
changed the title
This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
Describe the Bug
Hi,
we use a # in our link for password rest. Therefore we set the PASSWORD_RESET_URL_ALLOW_LIST as follows:
PASSWORD_RESET_URL_ALLOW_LIST='https://URL/app/#/password/reset/'The system generates the following url
https://URL/app?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6InNvZmlhQGx1ZGVzY2hlci5hdCIsInNjb3BlIjoicGFzc3dvcmQtcmVzZXQiLCJoYXNoIjoiN2Q2NmEyOGYiLCJpYXQiOjE2NTE0NzU1NDgsImV4cCI6MTY1MTU2MTk0OCwiaXNzIjoiZGlyZWN0dXMifQ.8LC5tbTGBcmSanifhrx_8nkkUzOEnRdYbYEC_wHRHEI#/password/resetinstead of
https://URL/app/#/password/reset/?token=....The token will be inserted in before the # in the provided url.
The problem is in the requestPasswordReset function of the node_modules/directus/dist/services/users.js file
To Reproduce
see above
Errors Shown
none
What version of Directus are you using?
9.9.1
What version of Node.js are you using?
v16.13.2
What database are you using?
mysql
What browser are you using?
Safari and Chrome
How are you deploying Directus?
locally
The text was updated successfully, but these errors were encountered: