Not sure if anyone is going to be able to answer this, but I'm gonna try anyway.
I've just set up Google OAuth on my site using google-auth-library@^6.1.3 and fastify@^3.9.2. I've created a a login link that directs you to https://accounts.google.com/o/oauth2/v2/auth?.... When the user successfully logs in, Google redirects the user back to http://localhost:3000/google-oauth-redirect-uri?code=xxx&scope=profile+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile.
I use that code to create a session for the user, and then at the end of my fastify handler, I do:
reply
.setCookie(SESSION_COOKIE_NAME, sessionKeyStr, {...SESSION_COOKIE_OPTIONS, expires: new Date(sessionExpiresAt)})
.redirect('/')
Which creates the session cookie and redirects the user back to the homepage.
You can see the request here:
What I can't figure out is where that # in the URL is coming from. AFAIK, 302 header redirects can't even add URL-fragments. I thought maybe the hash was carried over from the previous page, but as you can see in the screenie, the previous page didn't have a hash either. So maybe the homepage is adding it with JS? No, it doesn't even contain a <script> tag.
What else could be adding that # to the URL?
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
