bert hubert πΊπ¦πͺπΊπΊπ¦ on Nostr: So I send out login links in emails. If the user clicks on the link, JavaScript in ...
So I send out login links in emails. If the user clicks on the link, JavaScript in that webpage will *POST* to a URL to log in. The login token works only *once*. I now have a user that tells me they can't log in. From the logs, I see a Microsoft IP address POSTing that login link. Is some kind of MS email security product executing JavaScript and POSTING things? Is this a known phenomenon? I've now made this a login *button* which the user has to click again. I hope it helps.
Published at
2025-01-22 19:34:11 UTCEvent JSON
{
"id": "8e2ef55b9ecd6112462ec812a1694e4633c81c1af9ab426c704f7a72c87a9c38",
"pubkey": "a78a4c8a0cd547645f19177edcea3ab760de88419e6ebf94ae5d5056e95dc3fa",
"created_at": 1737574451,
"kind": 1,
"tags": [
[
"proxy",
"https://fosstodon.org/@bert_hubert/113873679257235602",
"web"
],
[
"proxy",
"https://fosstodon.org/users/bert_hubert/statuses/113873679257235602",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://fosstodon.org/users/bert_hubert/statuses/113873679257235602",
"pink.momostr"
],
[
"-"
]
],
"content": "So I send out login links in emails. If the user clicks on the link, JavaScript in that webpage will *POST* to a URL to log in. The login token works only *once*. I now have a user that tells me they can't log in. From the logs, I see a Microsoft IP address POSTing that login link. Is some kind of MS email security product executing JavaScript and POSTING things? Is this a known phenomenon? I've now made this a login *button* which the user has to click again. I hope it helps.",
"sig": "0fe49d88a85bee2d2d79220c210230f719b855500c02ed1df13701093c89d4da3fdcf388092107ed5e8506b9c893a332edad5a52a7766336115b7bcc947adb6c"
}
