You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If you revoke the AccessFrontend permission from anonymous users then the whole registration challenge e-mail mechanism breaks:
After submitting the registration form you'll get an Access Denied because AccountController/ChallengeEmailSent is inaccessible.
Opening the link received in the challenge e-mail will again give you an Access Denied because the ChallengeEmail action is inaccessible too. Same would later happen with ChallengeEmailSuccess and ChallengeEmailFail too.
RegistrationPending has a similar issue. So all but the LogOff action needs [AlwaysAccessible] it seems.
The fix is trivial, I'm opening this only because I may be missing something obvious. So should we just add [AlwaysAccessible] everywhere mentioned?
The text was updated successfully, but these errors were encountered:
If you revoke the AccessFrontend permission from anonymous users then the whole registration challenge e-mail mechanism breaks:
RegistrationPending has a similar issue. So all but the LogOff action needs
[AlwaysAccessible]
it seems.The fix is trivial, I'm opening this only because I may be missing something obvious. So should we just add
[AlwaysAccessible]
everywhere mentioned?The text was updated successfully, but these errors were encountered: