Skip to content

fix: handle url fragments for redirects #4464

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
hvoort wants to merge 1 commit into
base: master
Choose a base branch
from
Open

fix: handle url fragments for redirects #4464

hvoort wants to merge 1 commit into from

Conversation

@hvoort
Copy link

@hvoort hvoort commented Jan 7, 2026

Overview

Includes original URL fragment throughout auth process to keep it in the original redirect.

What this PR does / why we need it

Closes #4462

Including the URL fragment on the pages that do form posts to different URL (not to self) and anchor links to providers.

Special notes for your reviewer

What are implications of adding the hash to the URLs on the login.html page. Do some providers use the hash and if so this will mess up the url fragment. Maybe we should only add it to the password.html page.

Tested manually using the following flow:

  1. Run dex ./bin/dex serve examples/config-dev.yaml
  2. Run example app cd examples && go run ./example-app
  3. Go to http://127.0.0.1:5555/ click login
  4. Add #foobar to the URL and force refresh
  5. Click "Login with email" and observe the fragment is still there
  6. Add #foobar to the URL and force refresh
  7. Login using static user credentials [email protected] and password and observe the fragment is still there after being redirected.

@nabokihms nabokihms added the release-note/bug-fix Release note: Bug Fixes label Jan 12, 2026
nabokihms
nabokihms reviewed Jan 21, 2026
View reviewed changes
web/templates/login.html

<script type="text/javascript">
if (window.location.hash) {
var buttons = document.querySelectorAll('div.theme-form-row a');
Copy link
Member

@nabokihms nabokihms Jan 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
var buttons = document.querySelectorAll('div.theme-form-row a');
var buttons = document.querySelectorAll('div.theme-form-row a');

NIT: Can we make the selector more straightforward? Maybe we can add ID to the password button.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nabokihms nabokihms nabokihms left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

release-note/bug-fix Release note: Bug Fixes

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

URL fragment is lost when using username/password form

2 participants

@hvoort @nabokihms