Update abuse-key for password recovery to add IP
Update abuse-key for password recovery to add IP
This commit is contained in:
parent
3741786e07
commit
5a54ae8d0a
1 changed files with 1 additions and 1 deletions
|
@ -1733,7 +1733,7 @@ App::post('/v1/account/recovery')
|
|||
->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
|
||||
->label('sdk.response.model', Response::MODEL_TOKEN)
|
||||
->label('abuse-limit', 10)
|
||||
->label('abuse-key', 'url:{url},email:{param-email}')
|
||||
->label('abuse-key', 'url:{url},email:{param-email},ip:{ip}')
|
||||
->param('email', '', new Email(), 'User email.')
|
||||
->param('url', '', function ($clients) { return new Host($clients); }, 'URL to redirect the user back to your app from the recovery email. Only URLs from hostnames in your project platform list are allowed. This requirement helps to prevent an [open redirect](https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html) attack against your project API.', false, ['clients'])
|
||||
->inject('request')
|
||||
|
|
Loading…
Reference in a new issue