You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We updated our support for authentication in Blazor Webassembly applications to rely on the history state instead of query strings in the URL. As a result of that, existing applications passing the return URL through the query string will fail to redirect back to the original page after a successful login.
Existing applications should use the new NavigateToLogin extension method as it is able to flow the data to the login page corectly.
Version
.NET 7 RC 1
Previous behavior
The return URL would be specified in the query string as ?returnUrl=<<return-url>>.
New behavior
The return URL along other parameters passed to the authentication/# page are passed via the history.state entry of the page.
Type of breaking change
Binary incompatible: Existing binaries may encounter a breaking change in behavior, such as failure to load/execute or different run-time behavior.
Source incompatible: Source code may encounter a breaking change in behavior when targeting the new runtime/component/SDK, such as compile errors or different run-time behavior.
Behavioral change: Existing code and binaries may experience different run-time behavior.
Reason for change
We decided to switch to using history.state instead of the query string as it simplifies the implementation and removes the surface attack area associated with passing data through the query string.
Recommended action
Most apps have a RedirectToLogin.razor file in them that can be updated as follows:
Description
We updated our support for authentication in Blazor Webassembly applications to rely on the history state instead of query strings in the URL. As a result of that, existing applications passing the return URL through the query string will fail to redirect back to the original page after a successful login.
Existing applications should use the new
NavigateToLogin
extension method as it is able to flow the data to the login page corectly.Version
.NET 7 RC 1
Previous behavior
The return URL would be specified in the query string as
?returnUrl=<<return-url>>
.New behavior
The return URL along other parameters passed to the
authentication/#
page are passed via thehistory.state
entry of the page.Type of breaking change
Reason for change
We decided to switch to using
history.state
instead of the query string as it simplifies the implementation and removes the surface attack area associated with passing data through the query string.Recommended action
Most apps have a RedirectToLogin.razor file in them that can be updated as follows:
Affected APIs
As part of this change
SignOutSessionStateManager
has been obsoleted in favor ofNavigationManager.NavigateToLogout
The text was updated successfully, but these errors were encountered: