Open meredevelopment opened 2 years ago
edgrosvenor
commented
2 years ago Does it use an identifiable user agent when it checks the links? If so, we could instruct the package to ignore that user agent when deciding whether to expire a single use link.
nivv
commented
2 years ago Example of the user agent:
{
"ip":"20.72.100.79",
"agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.99 Safari/537.36"
}
meredevelopment
commented
1 year ago This has come back, with a vengeance 😅 - It seems more recent versions of Outlook or Defender or something, are pre-checking links a lot more now.
For us, the user-agent is always blank it seem (from request logs) and the IP's vary, as you'd expect I suppose, but do seem to be in the same class B subnet:
104.47.1.254 104.47.30.126 104.47.2.254 104.47.59.254 104.47.66.126 104.47.55.254
Further investigations, and thoughts about how to get around this are ongoing, and I'll update here if I find something useful.
creaturemusings
commented
5 months ago @meredevelopment Heyo! It's been some time, so I doubt you'll answer me, but- did you ever figure out a solution?
When a client uses a service like Microsoft's 'SafeLinks', one-use login links are broken. It seems that they effectively get used up by a GET to HEAD request that the link checking service does. Here's some more info on another product having the same issue: https://github.com/FusionAuth/fusionauth-issues/issues/629 (and loads of other repos referencing that issue too).
Anyone found a way around this with this package? Presumably it would have the same impact on Laravel's bundled email verification.