[wp-trac] [WordPress Trac] #50141: Data erasure/export links should notify the user that the action has already been confirmed
WordPress Trac
noreply at wordpress.org
Tue May 12 04:01:20 UTC 2020
#50141: Data erasure/export links should notify the user that the action has
already been confirmed
--------------------------+------------------------------
Reporter: dd32 | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Privacy | Version:
Severity: normal | Resolution:
Keywords: needs-patch | Focuses: administration
--------------------------+------------------------------
Comment (by dd32):
Replying to [comment:2 johnbillion]:
> Is it common for email clients or servers to automatically follow links
in emails? That sounds like a nightmare from a privacy and functional
point of view.
The only place I've seen it happening is with Antivirus scanners (Client-
based and server-side), Checking for malicious content in embedded links
is a common offering as far as I know. Some just compare against known
phishing urls, others check the actual page content for malicious content.
I can't really think of many links that you'll find in emails where an
unauthenticated scanner requesting the URL would cause concern, let alone
expire the link.
> Let's open a separate issue for that as it affects other functionality
too such as password resets.
I don't think that would be the case, since those links only expire once
the form on the pages actually get used. The first request just adds the
URL params to cookies and redirects to a non-tokenised url.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/50141#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list