Adding extra parameters after generating URL #195
Comments
|
Why does SalesForce do this? What extra parameters exactly? Are the extra parameters always the same? I mean, how you can guarantee that those query parameters won't change in the future, or if their values won't change? It sounds like even if you were able to add some extra query parameters, you are still not 100% sure what SalesForce will add, right? |
Those are added by my company SalesForce managers I believe. Used to track some data about clicking anything in the verification email itself. So basically yeah I am not sure which parameters will be used and if new ones will appear sometime in the future. For now I just update the query parameters (by removing the extra ones and just leaving the ones needed for this bundle) of the Symfony Request used to validate the email. |
There is not a mechanism to modify the signed URL once it has been generated by I'm not familiar with Salesforce - but I believe if you generate a signed URL -> modify the signed URL (e.g. what it sounds like salesforce is doing) -> attempt to validate the malformed signed URL -> validation will fail. The best solution (although it may not be possible in your situation) would be to pass an extra query param's to as the$extraParams arguments in your controller. Then those params would become apart of the signature.
Else, you would need to "sanitize" the signed URL before validation by removing any params that were not used when the signature was generated. See: https://github.com/SymfonyCasts/verify-email-bundle/blob/main/README.md#reserved-query-parameters For v2, we could create a configuration based mechanism to remove some/all extra query params in thought I have not fully thought out the consequences for doing so in the bundle. |
Thank you. Yes sanitization indeed helps. I believe this could be even implemented into the bundle itself. Just clean all the extra parameters that might be added by some email service providers. |
So I have this issue with sending verification emails through SalesForce. They always add some extra query parameters to URL before adding the link into the email.
I see that if you add any extra parameter into URL - verification process fails and it won't work except you add those parameters while generating the URL itself.
Is there any way to add extra parameter after the verification link has been generated?
The text was updated successfully, but these errors were encountered: