mirror of
https://github.com/overleaf/overleaf.git
synced 2024-12-04 14:42:07 -05:00
0aaeb6671e
This fixes an issue where the reset token was leaked in the referrer header when navigating away from the password reset page to an external site. Now we get the token from the query string, store it in the session, then redirect to the bare url of the password reset page, which then uses the stored token to render the reset form. |
||
---|---|---|
.. | ||
PasswordResetControllerTests.coffee | ||
PasswordResetHandlerTests.coffee |