Fix link/origin referrer and login redirect (#36279)

Fix #35998 1. Fix `<a rel>` : * "_blank" already means "noopener" * "noreferrer" is already provided by page's `<meta name="referrer">` 2. Fix "redirect_to" mechisam * Use "referer" header to determine the redirect link for a successful login 3. Simplify code and merge duplicate logic
2026-01-03 11:43:04 +08:00
parent 6fb3547417
commit b79dbfa990
46 changed files with 141 additions and 168 deletions
@@ -7,7 +7,7 @@ At the moment, no JS initialization would re-trigger (fortunately there is no JS
 <div class="no-loading-indicator tw-hidden"></div>
 <div class="user-cards"
 		hx-trigger="refreshUserCards from:body" hx-indicator=".no-loading-indicator"
-		hx-get="{{$.CurrentURL}}" hx-swap="outerHTML" hx-select=".user-cards"
+		hx-get="" hx-swap="outerHTML" hx-select=".user-cards"
 >
 	{{if .CardsTitle}}
 	<h2 class="ui dividing header">
@@ -24,7 +24,7 @@ At the moment, no JS initialization would re-trigger (fortunately there is no JS

 				<div class="meta">
 					{{if .Website}}
-						{{svg "octicon-link"}} <a href="{{.Website}}" target="_blank" rel="noopener noreferrer">{{.Website}}</a>
+						{{svg "octicon-link"}} <a href="{{.Website}}" target="_blank">{{.Website}}</a>
 					{{else if .Location}}
 						{{svg "octicon-location"}} {{.Location}}
 					{{else}}