Microsoft 'Safelinks' (Defender) breaks links. #79
Comments
|
Does it use an identifiable user agent when it checks the links? If so, we could instruct the package to ignore that user agent when deciding whether to expire a single use link. |
|
Example of the user agent: {
"ip":"20.72.100.79",
"agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.99 Safari/537.36"
} |
|
This has come back, with a vengeance 😅 - It seems more recent versions of Outlook or Defender or something, are pre-checking links a lot more now. For us, the user-agent is always blank it seem (from request logs) and the IP's vary, as you'd expect I suppose, but do seem to be in the same class B subnet: 104.47.1.254 Further investigations, and thoughts about how to get around this are ongoing, and I'll update here if I find something useful. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When a client uses a service like Microsoft's 'SafeLinks', one-use login links are broken. It seems that they effectively get used up by a GET to HEAD request that the link checking service does. Here's some more info on another product having the same issue: FusionAuth/fusionauth-issues#629 (and loads of other repos referencing that issue too).
Anyone found a way around this with this package? Presumably it would have the same impact on Laravel's bundled email verification.
The text was updated successfully, but these errors were encountered: