jonshutt
commented
5 years ago Actually, posting the data not putting URL works
Closed jonshutt closed 5 years ago
jonshutt
commented
5 years ago Actually, posting the data not putting URL works
If a user has a password which includes certain characters like '/', a password like 'my&pass?=xxx' results in a url of:
api/auth/login?email=test"test.com&pwd=my&pass?=xxx
This clearly won't work, as it'll just read the password as 'my'
Does anyone have a solution for this other than asking people to choose a simpler password (which goes against the usual choose a complicated password rules!)
Cheers