mirror of
https://mau.dev/maunium/synapse.git
synced 2024-10-01 01:36:05 -04:00
Remove trailing slash ability from password reset's submit_token endpoint (#6074)
Remove trailing slash ability from the password reset submit_token endpoint. Since we provide the link in an email, and have never sent it with a trailing slash, there's no point for us to accept them on the endpoint.
This commit is contained in:
parent
aeb40f355c
commit
7763dd3e95
1
changelog.d/6074.feature
Normal file
1
changelog.d/6074.feature
Normal file
@ -0,0 +1 @@
|
||||
Prevent password reset's submit_token endpoint from accepting trailing slashes.
|
@ -200,7 +200,7 @@ class PasswordResetSubmitTokenServlet(RestServlet):
|
||||
"""Handles 3PID validation token submission"""
|
||||
|
||||
PATTERNS = client_patterns(
|
||||
"/password_reset/(?P<medium>[^/]*)/submit_token/*$", releases=(), unstable=True
|
||||
"/password_reset/(?P<medium>[^/]*)/submit_token$", releases=(), unstable=True
|
||||
)
|
||||
|
||||
def __init__(self, hs):
|
||||
|
Loading…
Reference in New Issue
Block a user