Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Different userURL still shows the form #31

Open
sebsel opened this issue Aug 12, 2017 · 1 comment
Open

Different userURL still shows the form #31

sebsel opened this issue Aug 12, 2017 · 1 comment
Labels
discuss

Comments

@sebsel
Copy link
Collaborator

sebsel commented Aug 12, 2017

In my testing, when I used a different userURL, the form seems to accept it. Of course, the password will not match etc, so there will be no signed code, but maybe we can display the username, or, since we only support one, check for a valid one before showing the form?

After thinking about it: maybe we should not give away that information? The genuine user will not be in this situation, only when people will fiddle with the params.

On the other hand: what happens with https vs http / if the user changes his URL?
@Zegnat
Copy link
Collaborator

Zegnat commented Aug 12, 2017

[…] maybe we can display the username, or, since we only support one, check for a valid one before showing the form?

I would be tempted to just throw an error for an invalid me parameter when it doesn’t match the user’s expected URL. Maybe extend the check for “is it a valid URL” to “is it the URL we expect”?

@Zegnat Zegnat added the discuss label Aug 12, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
discuss
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Zegnat @sebsel