Security update for Core, with self-updated composer

[yaffs-website] / web / core / modules / user / user.routing.yml

diff --git a/web/core/modules/user/user.routing.yml b/web/core/modules/user/user.routing.yml
index 319f219e8cce34a3f1b942fe0e878a0c442a6b41..e38bb7acad10622a99588bd3b50107ca18f25d75 100644 (file)
--- a/web/core/modules/user/user.routing.yml
+++ b/web/core/modules/user/user.routing.yml
@@ -111,6 +111,15 @@ user.pass:
   options:
     _maintenance_access: TRUE
 
+user.pass.http:
+  path: '/user/password'
+  defaults:
+    _controller: \Drupal\user\Controller\UserAuthenticationController::resetPassword
+  methods: [POST]
+  requirements:
+    _access: 'TRUE'
+    _format: 'json'
+
 user.page:
   path: '/user'
   defaults: