Warning: Some posts on this platform may contain adult material intended for mature audiences only. Viewer discretion is advised. By clicking ‘Continue’, you confirm that you are 18 years or older and consent to viewing explicit content.
Huh? If backend has incorrect validation on the old password string, and returns an error message like “invalid password” without specifying if it’s the old or new password, that’s not particularly helpful for front end. And that’s pretty common for an API response not to have fine grain details.
The UI is capable of validating up front before the service request, assuming they know the exact validation rules BE uses.
That would be actively malicious. I don’t know how anyone could get the idea to just show “something” if the backend sends a generic error message.
Huh? If backend has incorrect validation on the old password string, and returns an error message like “invalid password” without specifying if it’s the old or new password, that’s not particularly helpful for front end. And that’s pretty common for an API response not to have fine grain details.
The UI is capable of validating up front before the service request, assuming they know the exact validation rules BE uses.
Or the FE just fucked up. Both are plausible.