Skip to content

fix: email confirmation link panic in API mode#371

Open
wythers wants to merge 1 commit intoaarondl:masterfrom
wythers:fix-json-api-confirm
Open

fix: email confirmation link panic in API mode#371
wythers wants to merge 1 commit intoaarondl:masterfrom
wythers:fix-json-api-confirm

Conversation

@wythers
Copy link

@wythers wythers commented Jul 31, 2025

When authboss is used as API server (ReadJSON=true), users clicking confirmation links from emails would cause panic and fail to confirm their account. This is because the code tries to read JSON body from GET requests used by confirmation links.

The fix ensures confirmation links work properly in API mode

@wythers
fix: email confirmation link panic in API mode
d3759ca 
When authboss is used as API server (ReadJSON=true), users clicking
confirmation links from emails would cause panic and fail to confirm
their accounts. This is because the code tries to read JSON body
from GET requests used by confirmation links.

The fix ensures confirmation links work properly in API mode
@aarondl
Copy link
Owner

aarondl commented Sep 9, 2025

Surprised this didn't get found until now. Though maybe a better fix is to ignore json body in GET requests? It seems a bit silly to try to parse a body that is likely not there.

While it's true the spec doesn't forbid GET from having a body, in practice it's not even correctly supported by many clients as to be unusable.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@wythers @aarondl