unsubscribe link from email not working
pdcoutinho opened this issue · 5 comments
Users are sent an email if their subscribed topics are replied.
In said email, there is a link to unsubscribe. That link issues a GET request, but routes show a POST, and the website breaks.
http://example.com/forums/some-forum/topics/some-topic/unsubscribe
forem (1.0.0.beta1)
Rails 4.2.0
no route matches get unsubscribe bla bla bla bla ^^
Hi @pdcoutinho. Thanks for submitting this issue. Could you please submit a patch to fix it? That would be great. Changing the route to be a GET
route should fix it.
Rather than an authenticity token, could we instead have a unique hash on the topic + subscription that is generated + then is passed through in this request? The route will change to a GET
request, and the token will make it so that nobody would be able to CSRF-attack a way for people to unsubscribe.
I'm thinking something such as SecureRandom.hex(24)
should be fine for this.
Patches welcome to fix this :) I do not have time myself.