Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
/user/password and /user/reset/{uid}/{timestamp}/{hash} paths should be banned as cosign handles that
Comment | File | Size | Author |
---|---|---|---|
#3 | cosign-routing-2780881-3-8x.patch | 2.39 KB | el1_1el |
routing.patch | 939 bytes | el1_1el | |
Comments
Comment #2
mlhess CreditAttribution: mlhess as a volunteer commentedThere are use cases where cosign and normal Drupal logins are used for authentication. This patch would remove normal Drupal users from resetting their passwords.
Comment #3
el1_1el CreditAttribution: el1_1el commentedok. how about this instead.
Comment #5
mlhess CreditAttribution: mlhess as a volunteer commented