Make WordPress Core

Opened 5 years ago

Closed 5 years ago

#23345 closed defect (bug) (wontfix)

auth_redirect strips the hash portion of a URL

Reported by: cnilsson Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: General Keywords:
Focuses: Cc:


Using auth_redirect the hash portion of the URL is not passed through for the redirect in the query string. The hash portion is often used to allow for direct linking to AJAX generated browser states. www.mydomain.com?page=sample#my_hash_here will resolve to www.mydomain.com?page=sample after running auth_redirect();

Change History (1)

#1 @nacin
5 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to wontfix
  • Status changed from new to closed

Hashes remain at the browser level and are not sent to the server. That means there's no way for auth_redirect() to know there was a hash.

There *are* ways around this, basically by allowing the redirect to occur at the JavaScript level. This is possible while still being secure. But, it's not very efficient, or clean, and doesn't give us much. We aren't an application that depends on hash-based URLs (such as one using hashes as an alternative to the HTML5 History API), so I'm inclined to pass on changes here.

Note: See TracTickets for help on using tickets.