• CEbbinghaus@lemmy.world · 42 upvotes · 1 month ago

    Hoh man what a journey. And I love that this incredibly complex situation is the only reason that status would return. What a fun time debugging that would have been

    • lazynooblet@lazysoci.al · 11 upvotes · 1 month ago

      Not really the only reason. It would be better to just return “token invalid”.

      It could occur by someone messing with the URL from the reset password email, like accidentally adding an extra character before pressing enter.

      Or a poor email client that wraps the URL and doesn’t send the complete one when clicked.

      Or someone attempting to find a weakness in the reset password system and sending junk as the token.

      • zurohki@aussie.zone · 6 upvotes · 1 month ago

        Or an email client where you double click the link text to select it and press copy, and somehow this puts the link plus a trailing space in the clipboard to be pasted into a browser.