framework: Wrong URL reset link when using subdomains
- Laravel Version: 5.5.3
- PHP Version: 7.1.7 (homestead)
- Database Driver & Version: MySQL
Description:
Out of the box, Laravel is sending reset password e-mail with the wrong password reset link when using subdomains.
It was suposed to be http://subdomain.app.com/password/reset/<token> but it is sending http://app.com/password/reset/<token>. I’m using Auth::routes().
It’s related to commit cef10551820530632a86fa6f1306fee95c5cac43 but I can’t figure out how to address this issue without creating security issues (as stated in the commit).
About this issue
- Original URL
- State: closed
- Created 7 years ago
- Comments: 28 (10 by maintainers)
I resolved this issue by changing the vendor\laravel\framework\src\Illuminate\Auth\Notifications\ResetPassword.php that comes out of the box.
replace line ->action(‘Reset Password’, url(config(‘app.url’).route(‘password.reset’, $this->token, false))) to ->action(‘Reset Password’, url(route(‘password.reset’, $this->token, false)))
config(‘app.url’) is your url root but you want relative path instead
or you can extend the notification class
<?php namespace Larashop\Notifications; use Illuminate\Notifications\Notification; use Illuminate\Notifications\Messages\MailMessage; class ResetPassword extends Notification { public function __construct($token) { $this->token = $token; } public function via($notifiable) { return ['mail']; } public function toMail($notifiable) { return (new MailMessage) ->line('You are receiving this email because we received a password reset request for your account.') ->action('Reset Password', route('password.reset.token',['token' => $this->token])) ->line('If you did not request a password reset, no further action is required.'); } }I’ve just cracked open a new issue for this as i believe it’s a true bug, along with how i worked around it. https://github.com/laravel/framework/issues/27045
@slakbal I doubt it.