- Issue created by @id.aleks
- Merge request !3#3458485: window.onpopstate code contains undeclared behaviors. β (Open) created by id.aleks
- Issue was unassigned.
- Status changed to Needs review
9 months ago 11:09am 2 July 2024
According to the module description, it should prevent displaying pages from the authenticated user's previous session. This is clear. However, only the first if statement is needed to achieve this. The necessary code is:
window.onpopstate = function (event) {
if (status) {
window.location.href = logout_redirect_url;
}
}
The else part of this code is buggy, and its purpose is not entirely clear:
window.onpopstate = function (event) {
if (status) {
window.location.href = logout_redirect_url;
} else {
if ((window.location.href.indexOf(logout_redirect_url) > -1)) {
window.history.pushState('', null, '');
// do nothing. if condition will use in future to change logic
} else {
history.back(1);
}
}
};
The line window.location.href.indexOf(logout_redirect_url) > -1 prevents the user from pressing the back button if they are on the logout_redirect_url page, even if they are logged in. Looks like a bug.
The purpose of the following code is not clear at all, and it may conflict with other JavaScript code that works with the History API:
else {
history.back(1);
}
Keep only the code needed for the module's functionality.
Needs review
2.0
Code