Remove trailing slash ability from password reset's submit_token endpoint (#6074)
Remove trailing slash ability from the password reset submit_token endpoint. Since we provide the link in an email, and have never sent it with a trailing slash, there's no point for us to accept them on the endpoint.
This commit is contained in:
parent
aeb40f355c
commit
7763dd3e95
|
@ -0,0 +1 @@
|
|||
Prevent password reset's submit_token endpoint from accepting trailing slashes.
|
|
@ -200,7 +200,7 @@ class PasswordResetSubmitTokenServlet(RestServlet):
|
|||
"""Handles 3PID validation token submission"""
|
||||
|
||||
PATTERNS = client_patterns(
|
||||
"/password_reset/(?P<medium>[^/]*)/submit_token/*$", releases=(), unstable=True
|
||||
"/password_reset/(?P<medium>[^/]*)/submit_token$", releases=(), unstable=True
|
||||
)
|
||||
|
||||
def __init__(self, hs):
|
||||
|
|
Loading…
Reference in New Issue