You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is it a good idea to add query string to line 157 as well as line 188 (the redirect http to https logic)?
It makes sense the query string is needed when we redirect the request from http to https, we need keep them.
But if query string is added to https, then http should also be added, right?
If there is something worth to keep while using https, why should it be thrown away in http?
People(me) might want to keep the client_id query string within the form login request and filter malicious login request by client id or show a different login page according to it.
With this line added, it could be much easier and I don't see the downsides, cause query string doesn't harm.
Let's talk about it please.
The text was updated successfully, but these errors were encountered:
spring-security/web/src/main/java/org/springframework/security/web/authentication/LoginUrlAuthenticationEntryPoint.java
Line 157 in 3349544
Is it a good idea to add query string to line 157 as well as line 188 (the redirect http to https logic)?
It makes sense the query string is needed when we redirect the request from http to https, we need keep them.
But if query string is added to https, then http should also be added, right?
If there is
something
worth to keep while using https, why should it be thrown away in http?People(me) might want to keep the
client_id
query string within the form login request and filter malicious login request by client id or show a different login page according to it.With this line added, it could be much easier and I don't see the downsides, cause query string doesn't harm.
Let's talk about it please.
The text was updated successfully, but these errors were encountered: