[wp-trac] [WordPress Trac] #23345: auth_redirect strips the hash portion of a URL
WordPress Trac
noreply at wordpress.org
Thu Jan 31 18:38:38 UTC 2013
#23345: auth_redirect strips the hash portion of a URL
--------------------------+----------------------
Reporter: cnilsson | Owner:
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: General | Version:
Severity: normal | Resolution: wontfix
Keywords: |
--------------------------+----------------------
Changes (by nacin):
* status: new => closed
* resolution: => wontfix
* milestone: Awaiting Review =>
Comment:
Hashes remain at the browser level and are not sent to the server. That
means there's no way for auth_redirect() to know there was a hash.
There *are* ways around this, basically by allowing the redirect to occur
at the JavaScript level. This is possible while still being secure. But,
it's not very efficient, or clean, and doesn't give us much. We aren't an
application that depends on hash-based URLs (such as one using hashes as
an alternative to the HTML5 History API), so I'm inclined to pass on
changes here.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/23345#comment:1>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list