It seems RecoveryURL has disappeared from email te...
# ory-selfhosting
s
It seems RecoveryURL has disappeared from email templates (in Kratos V1.2.0). I understand the CORS issues, I believe there is a security issue too though I am not clear what this is. Is it likely that the ValidationURL will disappear from validation email templates also?
b
The variable was included for
link
recovery, but for
code
it was never there. Nothing changed in Kratos v1.2. in that regard. The security issue is, that we need to invalidate the link after it has been visited, because otherwise, someone could obtain the link, and get a valid session out of it. However, email scanners sometimes open links in emails to check their content, invalidating the recovery link, making recovery not possible for some users. For verification (I assume you mean that by
ValidationURL
), this is not the case, so it won't go away.
s
Thank you for explaining. Thats great - its quite possible that rather than the feature disappearing we just had some bugs in our templates (still in the testing phase). Thanks very much