Opinion on example.com/username with routes
I am creating a site where users have their own "profile". I use routes for neat urls and I wondered what the pros / cons are for the following:
example.com/:username
Or should I include a static route to filter that this is a profile page request?
example.com/u/:username
example.com/something-static/:username
What's better?
0
source to share
2 answers
If a user is able to provide their username and customize their profile page in a meaningful way, then you run the risk of enabling scam / phishing attacks.
For example, I could sign up with the username "passwordreset", then post a form (or link to a form) on my profile page, and then try to convince people to reset their passwords by visiting example.com/passwordreset.
Then I could collect passwords.
If the URL was example.com/users/passwordreset, chances are the user of the alert will become suspicious.
+3
source to share