External application is redirected to frontpage in maintenance mode

The Needs Review Queue Bot → tested this issue. It either no longer applies to Drupal core, or fails the Drupal core commit checks. Therefore, this issue status is now "Needs work".

Apart from a re-roll or rebase, this issue may need more work to address feedback in the issue or MR comments. To progress an issue, incorporate this feedback as part of the process of updating the issue. This helps other contributors to know what is outstanding.

Consult the Drupal Contributor Guide → to find step-by-step guides for working with issues.

The reason is described as "If the site is offline, log out unprivileged users." but I still can't understand why we should force the logout for all users, instead of just showing the "Site is offline" message on the blank page?

Imagine, you use public computer, and the site occasionally goes in maintenance. You need go away soon, but you have no ability to log out. As a rule typical user have no skills to clean up cookies, use guest mode in public computers, etc. In this way the next user would see your account, and could get you PI data or compromise you on this site, delete account, etc.

The issue could be solved providing access to "Log Out" action in maintenance too, but looks like that Drupal just uses force-logout.

10.x patch should work for 11 branch too.

Have to agree, not sure the redirect is needed so the change LGTM.

The Needs Review Queue Bot → tested this issue. It no longer applies to Drupal core. Therefore, this issue status is now "Needs work".

This does not mean that the patch needs to be re-rolled or the MR rebased. Read the Issue Summary, the issue tags and the latest discussion here to determine what needs to be done.

Consult the Drupal Contributor Guide → to find step-by-step guides for working with issues.