Reset token validation page uses a different redirect when email doesn't exist. They should use the same redirect to prevent leaking account existence
Reset token validation page uses a different redirect when email doesn't exist. They should use the same redirect to prevent leaking account existence