this post was submitted on 12 Aug 2024
994 points (99.5% liked)

Programmer Humor

19512 readers
344 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

founded 1 year ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] zaphod@sopuli.xyz 37 points 3 months ago (6 children)

It's quite simple actually: The user wanted to delete their account, but forgot their password so they requested a password reset. Before the password reset email was delivered, the user remembered their password and deleted their account. The password reset email is finally delivered and apparently some email clients open all the links in the background for whatever reason, so it wasn't actually the user who clicked the password reset link.

[–] ClassifiedPancake@discuss.tchncs.de 21 points 3 months ago (5 children)

apparently some email clients open all the links in the background for whatever reason

What? Really??

[–] tedvdb@feddit.nl 34 points 3 months ago (3 children)

Yes, e.g. outlook replaces links in mails so they can scan the site first. Also some virusscanners offer nail protection, checking the site that's linked to first, before allowing the mail to end up in the user's mail client.

Thats why you never take actions on a GET request, but require a form with button for the user to do a POST.

[–] TrumpetX@programming.dev 11 points 2 months ago (1 children)

It can be worse, we had to add a captcha for those link scanners cause they'd submit the forms and invalidate tokens too:(

[–] jaybone@lemmy.world 4 points 2 months ago

Wow. That sounds terrible. Good to know.

load more comments (1 replies)
load more comments (2 replies)
load more comments (2 replies)