potiuk opened a new pull request, #19: URL: https://github.com/apache/comdev/pull/19
## Problem After authenticating via the `login` flow, PonyMail redirected the user **back to the local paste form that was already open** instead of to the actual mailing list. ## Root cause PonyMail's `oauth.html` records `document.referrer` into `sessionStorage` (`ponymail_oauth_origin`) when it loads, and after OAuth completes it redirects the user back to that stored URL — falling back to the list index `./` only when there is no referrer. Our step-1 "Open lists.apache.org" link opens `oauth.html` from the login helper page served at `http://localhost:39817/`, so that localhost URL became the stored origin. After login, PonyMail dutifully sent the user straight back to our still-open paste form. ## Fix Add `rel="noreferrer"` to the step-1 link so the browser sends no referrer. PonyMail's empty-origin fallback then lands the user on the real `lists.apache.org` list index after authentication. A comment was added at the `oauthUrl` definition documenting this dependency so the attribute isn't stripped in a future cleanup. ## Testing `node --test` — all 43 tests pass. 🤖 Generated with [Claude Code](https://claude.com/claude-code) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
