hash verification uses the server-host variable instead of the drupal-base url
see
public function verifyHash(string $providedHash, int $timestamp, ?string $productionHost = NULL): bool {
...
// Use $_SERVER['HTTP_HOST'] if production host not provided.
$host = $productionHost ?? $_SERVER['HTTP_HOST'];
$expectedHash = $this->generateVerificationHash($host, $timestamp);
return hash_equals($expectedHash, $providedHash);
}use the same production host as used in the UI when determining whether the current environment is prod - that works!
Active
1.0
Code
the logic has been updated as proposed + test coverage is extended to verify this case works now. Furthermore existing tests were adapted as need to keep them passing by using the right production-url.
Automatically closed - issue fixed for 2 weeks with no activity.