Login uses window.location.replace(url) instead of window.location = url

[ponpondev]

Version

module: 5.0.0-1622309801.87126e3 nuxt: 2.15.3

Nuxt configuration

mode:

• [x] universal
• [ ] spa

Nuxt configuration

Not relevant.

Reproduction

What is expected?

Pressing Back button on the browser is supposed to go back to the previous page.

What is actually happening?

The page shown is the previous page of the previous page.

Steps to reproduce

• Call any providers with loginWith method.
• Press Back button.
• The page shown is not the previous page, it's the previous page of that page instead.

Additional information

I've got to the point where runtime.js file is coded, on line 1260, the code is

window.location.replace(url);

While the old version (v4 - that works as intended) is

window.location = url

I also noticed a lot of window.location.replace() being used. I haven't got to the point to use other methods/classes in runtime.js yet.

Checklist

• [x] I have tested with the latest Nuxt version and the issue still occurs
• [x] I have tested with the latest module version and the issue still occurs
• [x] I have searched the issue tracker and this issue hasn't been reported yet

[Intevel]

I think this change is nonsensical, when I press Back I don't want to end up on the callback page we need since addAuthorize @ponpondev

[ponpondev]

@Intevel I don't think the callback page is intended for logged in users. Adding a middleware to redirect them somewhere else is a nicer touch when they try to access while already authenticated. My suggestion is purely for UX, they can get lost if they go back from the authorization page.

[bmulholland]

Could you please be more specific than "The page shown is not the previous page, it's the previous page of that page instead."? In this context, state has changed, which breaks the concept of "back". So "The previous page" isn't very helpful in this context of deciding what the behaviour should be. Likewise with a double "previous"

Having back navigation to a callback URL doesn't make sense, I agree. In your description, is callback "the previous page?" The previous previous?

But also, going back to the login page doesn't make sense either: you are now logged in, so that page is for a state that is no longer valid.

If I login from a login page, and am then redirected to a secure page, what do you expect the back button to do? Take you to the login page, which would then redirect you to the same logged in "home" page? What is happening now?

Is this coming up because you're doing an unusual use case for auth?

[ponpondev]

Let me try describing the context. I have the following pages:

• Page [1] - Home
• Page [2] - Products
• Page [3] - Discord's Oauth page
• Page [4] - Callback page (used for exchanging code with backend)

The site has a Navigation bar with Login button, clicking it shows a modal with an Auth button.

A user is at Page [1] -> navigates to Page [2] -> clicks Login on the nav bar to open login modal -> clicks the Auth button -> user is redirected to Page [3] where Discord prompts the user to authorize. From this authorize page, user decides to go back to previous page by pressing the Back button. User does not press Authorize button (which redirects to Page [4]).

By pressing the Back button:

• With window.location.replace(url); the user is back to Page [1] - the Home page.
• While with window.location = url; the user is back to Page [2] - the Products page - which is the correct page in context of "previous page".

I tried to implement Discord Oauth2 flow which has an issue described in #1191 . But they're unrelated. I tried tweaking by replacing the codes above and it worked to my intended flow.

[bmulholland]

Thank you for the detail, that makes much more sense!

[bmulholland]

This seems like a simple enough PR that you already know how to make -- how about you create that? Please include a comment explaining the choice :)