diff --git a/docs/pages/guides/email-and-password/password-reset.md b/docs/pages/guides/email-and-password/password-reset.md index 7301cc99e..09fcb5226 100644 --- a/docs/pages/guides/email-and-password/password-reset.md +++ b/docs/pages/guides/email-and-password/password-reset.md @@ -51,7 +51,9 @@ app.post("/reset-password", async () => { // ... const user = await db.table("user").where("email", "=", email).get(); - if (!user || !user.email_verified) { + if (!user) { + // If you want to avoid disclosing valid emails, + // this can be a normal 200 response. return new Response("Invalid email", { status: 400 });