Password reset link uses HTTP

The password reset link uses http, is there any way to change it to https?

Example of a link that comes to the mail: http://url9662.mydomain.com/ls/click?upn=YCsazmhkuB8BCKxagMCyrVKMXdvraCFlL6X6W3u1fE8bZBOMCdOnwsF-2BYyLQMderPgeExGt04DOyskdyMZaOn4JLBcGWyc1A8OPkrptnzJfLxP1dVlqUG2YNs6Jl-2FNoZ6CqtGSBpWqEjhtaGS6M1mw-3D-3DB_UJ_NTbK7Cr-2VAMbrzq-2FR0izmkwceWeucFu078GhCXA8fHSC7AVERO2jemIBJubalSkVlp1f7D5PqeEv1k7JokBL60G0Fni05QysFYZe4PUSjkBsYS5zc1cSvrS3ptBO3WNCX4795HClzqmpYlmbSnMauNXYNkSNA6wzybZdIL-2FsWiqASmzufVEOIPJiLl-2B-2BiyR87Jl6O9cM1DssOyavoM03NL6f31qtPI3MRTgH77nz0fU-3D

Then it’s changed to: https://dev-gbr35swfg0r8jqk.eu.auth0.com/u/reset-password?ticket=n04BEDnATlVD1N0dSu0KhvHRl90cdOt#

Some of our customers got the error “The connection to url9662.mydomain.com is not secure”

Hi @nikita.p,

Welcome to the Auth0 Community!

I just tested a standard PW reset email flow and I don’t see any HTTP requests.

Do you have a custom domain set up that could be causing this?

Hi, thanks for the reply. No, we are not using a custom domain yet.

The password reset page itself uses HTTPS for us, but the link uses HTTP, you can try to copy the link that comes to your email.

At first HTTP link comes but then redirects to HTTPS

image1197×724 40.2 KB

Hm, the link sent to me is HTTPS.

Are you planning on using a custom domain? That may also address this.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.