The redirectTo feature is great, but it is way too eager to activate and does not respect the auth.mode of routes.
From the docs:
Note that using redirectTo with authentication mode 'try' will cause the protected endpoint to always redirect, voiding 'try' mode.
And also:
redirectOnTry - if false and route authentication mode is 'try', authentication errors will not trigger a redirection. Requires hapi version 6.2.0 or newer. Defaults to true
This is all needlessly silly and complicated. I bet at least 95% of the time what people want is for redirectTo to only affect requests whose auth mode is required.
Currently I have to add this to every single route where auth is optional.
plugins : {
'hapi-auth-cookie' : {
redirectTo : false
}
}I'm failing to think of a scenario where I would want redirectTo and optional / try together. But if there is one, it is definitely not the common case.
I propose that redirectTo only triggers for required auth. We could have a redirectOnTry: true to re-enable the old behavior, but it's still a breaking change. And with the new behavior, I'm not sure anyone actually even needs the redirectOnTry option at all.
The
redirectTofeature is great, but it is way too eager to activate and does not respect theauth.modeof routes.From the docs:
And also:
This is all needlessly silly and complicated. I bet at least 95% of the time what people want is for
redirectToto only affect requests whose auth mode isrequired.Currently I have to add this to every single route where auth is
optional.I'm failing to think of a scenario where I would want
redirectToandoptional/trytogether. But if there is one, it is definitely not the common case.I propose that
redirectToonly triggers forrequiredauth. We could have aredirectOnTry: trueto re-enable the old behavior, but it's still a breaking change. And with the new behavior, I'm not sure anyone actually even needs theredirectOnTryoption at all.