Devise allows you to view user emails.
This is a specific privacy issue. The problem is that if you request a new confirmation email, you can enter any email address that you want, and if it is not found in the database, you get "not found", which allows someone to check, registered whether a specific email.
What could be a good way to fix this? I did not send this to the development team, but I'm not sure if this behavior is “Required”.
Route Waiver: / users / confirm
This is not an option to disable the confirmation module. Any good workaround to fix this?
source
share