Hi all,
Just testing the password reset for a new site and noticed that the URL
scheme is hard coded to HTTP in the email templates
password_reset_verify.html/.txt. Given that my site is running under HTTPS,
shouldn't the templates should use {{ request.scheme }} instead for better
security? Should I file a bug?
Of course I can trivially workaround this by overriding the templates
locally but ISTM it would be better if the email templates used {{
request.scheme }} by default.
Cheers, John
--
You received this message because you are subscribed to the Google Groups
"Mezzanine Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
