search

mailcow / mailcow-dockerized

mailcow: dockerized - 🐮 + 🐋 = 💕
https://mailcow.email
GNU General Public License v3.0
8.97k stars 1.18k forks source link

.well-known/change-password #3864

Open strarsis opened 3 years ago

strarsis commented 3 years ago

Summary

Google Chrome password manager noticed me of a compromised password. The listed site also offers a "Change password" button - which will lead to the site domain + ./well-known/change-password

Motivation

The URI well-known/change-password is a proposed mechanism for users to easily adjust the password.

Additional context

https://web.dev/change-password-url/

dragoangel commented 3 years ago

For me in case with mailcow it will strange, as users change password right on first page on first link after login. What point to add this? If you like you can simply do 301 redirect from /.well-known/change-password to / and that all.

P.s. in issue you missed . before well-known :D

strarsis commented 3 years ago

@dragoangel: But redirecting to / wouldn't display a password change page right away, right?

dragoangel commented 3 years ago

Yes, thats why I said "it willl strange". To get this looking nice need to have dedicated page for only password change.