starred/anonaddy
1
0
Fork 0
mirror of https://github.com/anonaddy/anonaddy.git synced 2026-04-25 06:05:55 +03:00
Code Issues 103 Projects Releases 5 Packages Wiki Activity

[GH-ISSUE #355] APP_URL #856

New issue
Closed
opened 2026-03-14 10:55:22 +03:00 by kerem · 1 comment
kerem commented 2026-03-14 10:55:22 +03:00
Owner
Copy link

Originally created by @muxo771 on GitHub (Oct 31, 2022).
Original GitHub issue: https://github.com/anonaddy/anonaddy/issues/355

The APP_URL has to be set to a real address.

Had setup a test system with a non-default port for the webserver.

Always got a 403 bad signature for the verification email, because I added the port number by hand.

After some search I found a hint how the system creates the verification email.
https://stackoverflow.com/questions/53892356/laravel-5-7-signed-route-returns-403-invalid-signature

UNDERSTANDING LARAVEL EMAIL VERIFICATION WAY

Understanding the way of verification can help you simply solve this error.
laravel makes a temporary signed url using method URL::temporarySignedRoute(),
this method is called in verificationUrl() located at \vendor\laravel\framework\src\Illuminate\Auth\Notifications\VerifyEmail.php.

So if the url that sent to emails is different from url that will laravel get at the time of verification (time of checking signature of url), 403 | invalid signature occurs.

Example:

if you set APP_URL to http://yourdomain.com/, verification link should be look like http://yourdomain.com/email/verify/{id}/{hash}. now if you set your server configs to redirect to https, invalid signature will occured, since the url laravel gets is https://yourdomain.com/email/verify/{id}/{hash} and not same as email verification url.

After putting the port number also in the .env I could verify the test account.

Could be helpful to explain it on the comment line, like has to be the complete url(:port) or verification will fail.

or

The URL of the AnonAddy instance, can be anything you like e.g. aa.example.com(:port), or just example.com(:port)

kind regards

Originally created by @muxo771 on GitHub (Oct 31, 2022). Original GitHub issue: https://github.com/anonaddy/anonaddy/issues/355 The APP_URL has to be set to a real address. Had setup a test system with a non-default port for the webserver. Always got a 403 bad signature for the verification email, because I added the port number by hand. After some search I found a hint how the system creates the verification email. https://stackoverflow.com/questions/53892356/laravel-5-7-signed-route-returns-403-invalid-signature *********************************** UNDERSTANDING LARAVEL EMAIL VERIFICATION WAY Understanding the way of verification can help you simply solve this error. laravel makes a temporary signed url using method URL::temporarySignedRoute(), this method is called in verificationUrl() located at \vendor\laravel\framework\src\Illuminate\Auth\Notifications\VerifyEmail.php. So if the url that sent to emails is different from url that will laravel get at the time of verification (time of checking signature of url), 403 | invalid signature occurs. Example: if you set APP_URL to http://yourdomain.com/, verification link should be look like http://yourdomain.com/email/verify/{id}/{hash}. now if you set your server configs to redirect to https, invalid signature will occured, since the url laravel gets is https://yourdomain.com/email/verify/{id}/{hash} and not same as email verification url. ************************************** After putting the port number also in the .env I could verify the test account. Could be helpful to explain it on the comment line, like has to be the complete url(:port) or verification will fail. or The URL of the AnonAddy instance, can be anything you like e.g. aa.example.com(:port), or just example.com(:port) kind regards
kerem closed this issue 2026-03-14 10:55:28 +03:00
kerem commented 2026-03-14 10:55:34 +03:00
Author
Owner
Copy link

@willbrowningme commented on GitHub (Nov 1, 2022):

Thanks, I've updated the comment to mention the port too.

<!-- gh-comment-id:1298370539 --> @willbrowningme commented on GitHub (Nov 1, 2022): Thanks, I've updated the comment to mention the port too.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
v1.5.0
v1.4.1
v1.4.0
v1.3.8
v1.3.7
v1.3.6
v1.3.5
v1.3.4
v1.3.3
v1.3.2
v1.3.1
v1.3.0
v1.2.3
v1.2.2
v1.2.1
v1.2.0
v1.1.0
v1.0.9
v1.0.8
v1.0.7
v1.0.6
v1.0.5
v1.0.4
v1.0.3
v1.0.2
v1.0.1
v1.0.0
v0.14.1
v0.14.0
v0.13.13
v0.13.12
v0.13.11
v0.13.10
v0.13.9
v0.13.8
v0.13.7
v0.13.6
v0.13.5
v0.13.4
v0.13.3
v0.13.2
v0.13.1
v0.13.0
v0.12.3
v0.12.2
v0.12.1
v0.12.0
v0.11.2
v0.11.1
v0.11.0
v0.10.1
v0.10.0
v0.9.1
v0.9.0
v0.8.10
v0.8.9
v0.8.8
v0.8.7
v0.8.6
v0.8.5
v0.8.4
v0.8.3
v0.8.2
v0.8.1
v0.8.0
v0.7.5
v0.7.4
v0.7.3
v0.7.2
v0.7.1
v0.7.0
v0.6.2
v0.6.1
v0.6.0
v0.5.0
v0.4.0
v0.3.0
v0.2.13
v0.2.12
v0.2.11
v0.2.10
v0.2.9
v0.2.8
v0.2.7
v0.2.6
v0.2.5
v0.2.4
v0.2.3
v0.2.2
v0.2.1
v0.2.0
v0.1.6
v0.1.5
v0.1.4
v0.1.3
v0.1.2
v0.1.1
v0.1.0
Labels
Clear labels   
bug

   
pull-request

Mirrored from GitHub Pull Request

No labels
bug
pull-request
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/anonaddy#856
No description provided.