[flangola7]

Why do browsers even allow this behavior? The back button should automatically skip any blind redirects.

[sublinear]

It's not the back button, but these two otherwise useful APIs used in a malicious way together:

https://developer.mozilla.org/en-US/docs/Web/API/Window/befo...

https://developer.mozilla.org/en-US/docs/Web/API/Location/hr...

[j16sdiz]

because Single-Page-Applications

they want the back button work with app internal state changes

[sublinear]

Single page apps don't require a frontend router and the same can be achieved by unconditionally sending a redirect from the server side for any request as long as you also hook into the "beforeunload" event in the browser.