Closed snarchio closed 4 months ago
This is actually the intended behavior ... the security issue is that without the validation that the link was in the email then someone can create a malicious link through your website to redirect to an attack website. Unfortunately, you will need to extend the expire-days value or create a page that describes that the link has expired.
The situation is this:
    'expire-days' => 60
    'redirect-missing-links-to' => '/'
    )
In my opinion the right behaviour must be that the user can reach the intended link even if the tracking is expired.
A solution could be that in MailTrackerController->linkClicked(...), at the bottom, change
    return redirect(config('mail-tracker.redirect-missing-links-to') ?: '/');
to
    return redirect(config('mail-tracker.redirect-missing-links-to') ?: $url);
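
An added example, not part of the thread or of mail-tracker's code, showing the check the reply's concern implies: once the tracking record is gone, `$url` is just a request-supplied value, so any fallback that redirects to it needs its own validation. The function name, the host allow-list and the sample URLs are assumptions constructed for illustration; it requires PHP 8.

```php
<?php
// Hypothetical helper: decide where to send a click whose tracking record is
// missing or expired. $url is untrusted because nothing ties it to a sent email.
function fallbackTarget(string $url, array $allowedHosts, string $default = '/'): string
{
    // Control characters, spaces and backslashes are rejected: some browsers
    // normalise "\" to "/", turning "/\host" into a protocol-relative URL.
    if ($url === '' || preg_match('/[\x00-\x20\x7f\\\\]/', $url)) {
        return $default;
    }

    $parts = parse_url($url);
    if ($parts === false) {
        return $default;
    }

    // Same-site path: exactly one leading "/" ("//host" is protocol-relative).
    if (!isset($parts['scheme']) && !isset($parts['host'])) {
        return (str_starts_with($url, '/') && !str_starts_with($url, '//')) ? $url : $default;
    }

    // Absolute URL: http(s) only, no userinfo, host must be on the allow-list.
    $scheme = strtolower($parts['scheme'] ?? '');
    $host   = strtolower($parts['host'] ?? '');
    if (!in_array($scheme, ['http', 'https'], true)) {
        return $default;
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return $default;
    }
    return in_array($host, $allowedHosts, true) ? $url : $default;
}

// Constructed sample inputs; shop.example stands in for the site's own host.
$allowed = ['shop.example', 'www.shop.example'];
$samples = [
    'https://shop.example/offers?id=7',
    '/account/orders',
    'https://attacker.example/login',
    '//attacker.example/login',
    'https://shop.example@attacker.example/',
    'javascript:alert(1)',
];
foreach ($samples as $candidate) {
    printf("%-42s => %s\n", $candidate, fallbackTarget($candidate, $allowed));
}
```

An exact-match host list is used on purpose: suffix or substring matching would accept hosts such as `shop.example.attacker.example`.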