Open revgum opened 8 years ago
"Forgot Password" email sent to the user includes an HTTP link to reset the password, and the app is not forcing HTTPS. This is a security concern.
Example links that should force HTTPS:
- http://oregondigital.org/users/sign_in
- http://oregondigital.org/users/password/edit?reset_password_token=blablahblabh