In case of authenticator.dispatch error or missing user, we put the entire body as query string in the render attributes. Then in the signin.jade template we use it to create URLs
In this case the password could appears in the URL. Even if SSL encrypt the qs, I don't think it's a good idea to keep the password after usage (referer leakage, browser history, proxy logs ...)!
Hi, https://github.com/anvilresearch/connect/blob/325f639980d7c6914913938a247d813ccc6de963/routes/signin.js#L66
In case of authenticator.dispatch error or missing user, we put the entire body as query string in the render attributes. Then in the signin.jade template we use it to create URLs
https://github.com/anvilresearch/connect/blob/325f639980d7c6914913938a247d813ccc6de963/views/signin.jade#L44
In this case the password could appears in the URL. Even if SSL encrypt the qs, I don't think it's a good idea to keep the password after usage (referer leakage, browser history, proxy logs ...)!
Regards, Camille