devise icon indicating copy to clipboard operation
devise copied to clipboard
verified publisher icon heartcombo

URL fragment lost in `after_sign_in_path_for`

Open dchacke opened this issue 3 years ago • 2 comments

Environment

  • Ruby 2.7.2
  • Rails 6.1.4.6
  • Devise 4.8.1

Current behavior

Use of after_sign_in_path_for does not retain URL fragments.

Browsers don't share URL fragments with servers in HTTP requests, but browsers do retain fragments across redirects by default. The fact that redirects triggered by the consumer of after_sign_in_path_for do not retain fragments makes me think something is broken.

I have inspected the corresponding HTTP requests but have found nothing out of the ordinary.

Fragments can be critical to an application's functionality and also its privacy, eg when they contain information servers do not wish to touch.

Expected behavior

Should retain URL fragments in redirects to the path returned by after_sign_in_path_for.

dchacke avatar Sep 25 '22 02:09 dchacke

Can I get this one?

Leoruwer avatar Nov 17 '22 12:11 Leoruwer

After investigation, found out that we should not process the fragment https://www.rfc-editor.org/rfc/rfc2396#section-4

⚠️ If you really want to do this, there should be a workaround, using JS to grab the value from the fragment, and put it in a hidden input, this way you could grab the fragments and pass on

Leoruwer avatar Nov 18 '22 13:11 Leoruwer