Open utterances-bot opened 3 years ago
Two things: is there a way to be actually sure the link is expired? Because an invalid signature sounds like someone tampered with the payload (or the link got mangled by the client app; it happens, and in this case you probably want a proper error message).
And do you use "instant" action links or require a confirmation POST later? Instant/direct may be better UX, but for performing actions GET is always a bad idea, and in the case of mail (and often SMS) clients, they may decide to render a preview, in effect performing the action.
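Added example, not part of the comment above and not the blog post's or Laravel's own code: a plain-PHP sketch of a signed URL carrying `expires` and `signature` query parameters, checked in two separate steps so that "expired" can be told apart from "tampered or mangled". The key, URLs, timestamp and the function names `signUrl` and `checkSignedUrl` are constructed for illustration.

```php
<?php
// Added illustration. KEY, the URLs and the timestamp are constructed values.
const KEY = 'constructed-demo-key';

// Append an expiry and an HMAC over the full URL including that expiry.
function signUrl(string $url, int $expires): string
{
    $url .= (str_contains($url, '?') ? '&' : '?') . 'expires=' . $expires;
    return $url . '&signature=' . hash_hmac('sha256', $url, KEY);
}

// Returns 'ok', 'expired' or 'invalid'.
function checkSignedUrl(string $url, int $now): string
{
    $marker = '&signature=';
    $pos = strrpos($url, $marker);
    if ($pos === false) {
        return 'invalid';
    }
    $unsigned = substr($url, 0, $pos);
    $given = substr($url, $pos + strlen($marker));

    // Step 1: verify the MAC in constant time. Only after this passes is the
    // expires value known to be the one the server issued.
    if (!hash_equals(hash_hmac('sha256', $unsigned, KEY), $given)) {
        return 'invalid';
    }

    // Step 2: the URL is authentic, so a past timestamp means a real expiry.
    parse_str((string) parse_url($unsigned, PHP_URL_QUERY), $query);
    $expires = (int) ($query['expires'] ?? 0);

    return $now > $expires ? 'expired' : 'ok';
}

$now = 1700000000; // constructed "current time"
$fresh = signUrl('https://example.test/unsubscribe?user=7', $now + 3600);
$stale = signUrl('https://example.test/unsubscribe?user=7', $now - 60);
$tampered = str_replace('user=7', 'user=8', $fresh);
// Someone rewriting the expiry on an old link breaks the MAC as well.
$extended = str_replace((string) ($now - 60), (string) ($now + 3600), $stale);

foreach (compact('fresh', 'stale', 'tampered', 'extended') as $name => $url) {
    echo $name, ': ', checkSignedUrl($url, $now), PHP_EOL;
}
```

Because the expiry is covered by the MAC, only a link that passes step 1 and fails step 2 should get the "this link has expired" message; everything that fails step 1 gets the generic invalid-link response.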
Why wouldn't you create a custom 403 page and control where the user is taken (after, say, 10 seconds)? Curious as to what is being gained with this approach. Thank you for your time.
Dealing with expired signed URLs in Laravel - Freek Van der Herten's blog on PHP, Laravel and JavaScript
https://freek.dev/1977-dealing-with-expired-signed-urls-in-laravel