Remove trailing slash ability from password reset's submit_token endpoint (#6074)
Remove trailing slash ability from the password reset submit_token endpoint. Since we provide the link in an email, and have never sent it with a trailing slash, there's no point for us to accept them on the endpoint.
This commit is contained in:
parent
aeb40f355c
commit
7763dd3e95
|
@ -0,0 +1 @@
|
||||||
|
Prevent password reset's submit_token endpoint from accepting trailing slashes.
|
|
@ -200,7 +200,7 @@ class PasswordResetSubmitTokenServlet(RestServlet):
|
||||||
"""Handles 3PID validation token submission"""
|
"""Handles 3PID validation token submission"""
|
||||||
|
|
||||||
PATTERNS = client_patterns(
|
PATTERNS = client_patterns(
|
||||||
"/password_reset/(?P<medium>[^/]*)/submit_token/*$", releases=(), unstable=True
|
"/password_reset/(?P<medium>[^/]*)/submit_token$", releases=(), unstable=True
|
||||||
)
|
)
|
||||||
|
|
||||||
def __init__(self, hs):
|
def __init__(self, hs):
|
||||||
|
|
Loading…
Reference in New Issue