Having JWT in URL sends one to "page not found"

ybguomoltin · July 28, 2020, 5:59pm

Hello

My netlify site name:
https://epcc-pwa-demo.netlify.app/

Context:
Hello I am creating a password reset functionality and during the process I am sending users to a reset page with a JWT in the URL. For some reason when I click on that URL I get brought to a page with the following error message:

Page Not Found

Looks like you’ve followed a broken link or entered a URL that doesn’t exist on this site.

This seems to be a problem caused by the period in the JWT if it is not at the end of the URL. It works fine if I remove the period.

https://epcc-pwa-demo.netlify.app/password_reset/abc.abc ----> DOES NOT WORK
https://epcc-pwa-demo.netlify.app/password_reset/abcabc —> WORKS
https://epcc-pwa-demo.netlify.app/password_reset/abcabc. ----> ALSO WORKS

To replicate:
https://epcc-pwa-demo.netlify.app/password_reset/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjBjNGQ0ZDE3LTkwMDktNDBkZi04ZDcyLTA3OGRlOWUzNzdiZSIsInVzZXJlbWFpbCI6InlpLmd1b0BlbGFzdGljcGF0aC5jb20iLCJpYXQiOjE1OTU4Nzk3MDUsImV4cCI6MTU5NTg4MzMwNX0.dXf6lv9ptYOisJMLPp3RXzfieLk1Is0PRpVgIplE00g

Dennis · July 28, 2020, 5:59pm

Hi @ybguomoltin,

The issue is that having your token inline like that makes our system think it’s a filename. So filename restrictions apply. If you have a dot, the following character denotes a file extension and the path is no longer the path you are looking for. That’s likely the reason you are getting a 404. You’ll want to pass your token as either a body payload or a query string param. Let me know how it goes.