Thanks John. Using request.scheme sounds correct, could you open a PR with the fix?
On Tue, Apr 11, 2017 at 2:00 PM, John Barham <[email protected]> wrote: > Hi all, > > Just testing the password reset for a new site and noticed that the URL > scheme is hard coded to HTTP in the email templates > password_reset_verify.html/.txt. Given that my site is running under > HTTPS, shouldn't the templates should use {{ request.scheme }} instead for > better security? Should I file a bug? > > Of course I can trivially workaround this by overriding the templates > locally but ISTM it would be better if the email templates used {{ > request.scheme }} by default. > > Cheers, John > > -- > You received this message because you are subscribed to the Google Groups > "Mezzanine Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- Stephen McDonald http://jupo.org -- You received this message because you are subscribed to the Google Groups "Mezzanine Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
