Actually the email does use the url from config.json. Check it out here
Robert last edited by Kowlin
Quick and simple bug in the emails. It appears that you can set a invalid email address while registering or editing by just adding a @ in the field, and its accepted.
Henry Wright last edited by
@Kowlin just a side note, I always make sure I require email verification which seems to stop spoof email addresses at the point of registration.
We purposefully err on the side of accepting emails because running a regular expression to validate emails is ridiculously hard:
Robert last edited by
But atleast one thing is consistent, emails will always have a
.in them. Might be more helpful to do that then just
@to have a bigger safeguard to human failur.
The idea is that rejecting emails outright serves no purpose besides being an annoying roadblock for a user upon registration.
If someone wants to put in a garbage email, they'll figure out a way, and on the other hand, throwing errors on legit signups increases barrier to entry.
As above, best way to validate is to force email validation.