<p dir="auto"><span class="issue-keyword tooltipped tooltipped-se" aria-label="This pull request closes issue #6130.">Closes</span> <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3172434749" data-permission-text="Title is private" data-url="https://github.com/openstreetmap/openstreetmap-website/issues/6130" data-hovercard-type="issue" data-hovercard-url="/openstreetmap/openstreetmap-website/issues/6130/hovercard" href="https://github.com/openstreetmap/openstreetmap-website/issues/6130">#6130</a></p>
<p dir="auto">Someone helped me debug <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3172434749" data-permission-text="Title is private" data-url="https://github.com/openstreetmap/openstreetmap-website/issues/6130" data-hovercard-type="issue" data-hovercard-url="/openstreetmap/openstreetmap-website/issues/6130/hovercard" href="https://github.com/openstreetmap/openstreetmap-website/issues/6130">#6130</a> and this change fixes the issue.</p>
<p dir="auto">The OAuth process starts as a GET and becomes a POST by submitting the form below in JS automatically.<br>
We lost the <code class="notranslate">referrer</code> during this submit which means <code class="notranslate">confirmation_controller#confirm</code> never received the referrer to pass it on.</p>
<details><summary>Some debug logging that shows that the referer is there at first and then disapears…</summary>
<p dir="auto">
</p><pre lang="log" class="notranslate"><code class="notranslate">2025-06-27 17:03:33 Started GET "/user/test23/confirm?confirm_string=eyJfcmFpbHMiOnsiZGF0YSI6WzMsIjA2MWU3YWNjZjIxYjI3MzVlYmY0MDUwMjk3ZmE1YzJmNjJiZWY4YTc3ZGEyNmMwYTYwMjlkNzkyYjkxNDY3NWIiXSwiZXhwIjoiMjAyNS0wNy0wNFQxNTowMTo1OS41MjJaIiwicHVyIjoiVXNlclxubmV3X3VzZXJcbjYwNDgwMCJ9fQ%3D%3D--2359edd41975d1e561bf22666f32d5c457507380&referer=%2Fwelcome%3Foauth_return_url%3D%252Foauth2%252Fauthorize%253Fclient_id%253DuglV_cJniuc96GQT0-rO6sXsgJPZfat8PLCfv91qRC4%2526scope%253Dopenid%252520read_prefs%252520write_prefs%252520write_notes%2526response_type%253Dcode%2526redirect_uri%253Dhttps%25253A%25252F%25252Fstaging.tilda-geo.de%25252Fapi%25252Fauth%25252Fosm%25252Fcallback%2526nextauth%253Dosm%25252Clogin%2526state%253DsHLAM8Pu8h6vLJHBmPOwDTR4N786cdOi74QMN9Ld8es%2526code_challenge%253DZGz_cGc0z5SWRGRImxp2SVplCQkLmeeZn0n7iI6yUz0%2526code_challenge_method%253DS256" for 192.168.65.1 at 2025-06-27 15:03:33 +0000
2025-06-27 17:03:35 Processing by ConfirmationsController#confirm as HTML
2025-06-27 17:03:35   Parameters: {"confirm_string"=>"eyJfcmFpbHMiOnsiZGF0YSI6WzMsIjA2MWU3YWNjZjIxYjI3MzVlYmY0MDUwMjk3ZmE1YzJmNjJiZWY4YTc3ZGEyNmMwYTYwMjlkNzkyYjkxNDY3NWIiXSwiZXhwIjoiMjAyNS0wNy0wNFQxNTowMTo1OS41MjJaIiwicHVyIjoiVXNlclxubmV3X3VzZXJcbjYwNDgwMCJ9fQ==--2359edd41975d1e561bf22666f32d5c457507380", "referer"=>"/welcome?oauth_return_url=%2Foauth2%2Fauthorize%3Fclient_id%3DuglV_cJniuc96GQT0-rO6sXsgJPZfat8PLCfv91qRC4%26scope%3Dopenid%2520read_prefs%2520write_prefs%2520write_notes%26response_type%3Dcode%26redirect_uri%3Dhttps%253A%252F%252Fstaging.tilda-geo.de%252Fapi%252Fauth%252Fosm%252Fcallback%26nextauth%3Dosm%252Clogin%26state%3DsHLAM8Pu8h6vLJHBmPOwDTR4N786cdOi74QMN9Ld8es%26code_challenge%3DZGz_cGc0z5SWRGRImxp2SVplCQkLmeeZn0n7iI6yUz0%26code_challenge_method%3DS256", "display_name"=>"test23"}
2025-06-27 17:03:36 xxxxxxx1: #<ActionDispatch::Request GET "http://127.0.0.1:3001/user/test23/confirm?confirm_string=eyJfcmFpbHMiOnsiZGF0YSI6WzMsIjA2MWU3YWNjZjIxYjI3MzVlYmY0MDUwMjk3ZmE1YzJmNjJiZWY4YTc3ZGEyNmMwYTYwMjlkNzkyYjkxNDY3NWIiXSwiZXhwIjoiMjAyNS0wNy0wNFQxNTowMTo1OS41MjJaIiwicHVyIjoiVXNlclxubmV3X3VzZXJcbjYwNDgwMCJ9fQ%3D%3D--2359edd41975d1e561bf22666f32d5c457507380&referer=%2Fwelcome%3Foauth_return_url%3D%252Foauth2%252Fauthorize%253Fclient_id%253DuglV_cJniuc96GQT0-rO6sXsgJPZfat8PLCfv91qRC4%2526scope%253Dopenid%252520read_prefs%252520write_prefs%252520write_notes%2526response_type%253Dcode%2526redirect_uri%253Dhttps%25253A%25252F%25252Fstaging.tilda-geo.de%25252Fapi%25252Fauth%25252Fosm%25252Fcallback%2526nextauth%253Dosm%25252Clogin%2526state%253DsHLAM8Pu8h6vLJHBmPOwDTR4N786cdOi74QMN9Ld8es%2526code_challenge%253DZGz_cGc0z5SWRGRImxp2SVplCQkLmeeZn0n7iI6yUz0%2526code_challenge_method%253DS256" for 192.168.65.1>
2025-06-27 17:03:36   User Load (1.2ms)  SELECT "users".* FROM "users" WHERE "users"."status" IN ('pending', 'active', 'confirmed') AND "users"."display_name" = 'test23' LIMIT 1 /*action='confirm',application='OpenStreetMap',controller='confirmations'*/
2025-06-27 17:03:36   ↳ app/controllers/confirmations_controller.rb:56:in `confirm'
2025-06-27 17:03:36   Rendering layout layouts/site.html.erb
2025-06-27 17:03:36   Rendering confirmations/confirm.html.erb within layouts/site
2025-06-27 17:03:36   Rendered confirmations/confirm.html.erb within layouts/site (Duration: 53.4ms | GC: 15.4ms)
2025-06-27 17:03:36   Rendered layouts/_meta.html.erb (Duration: 42.8ms | GC: 8.1ms)
2025-06-27 17:03:36   Rendered layouts/_head.html.erb (Duration: 217.4ms | GC: 38.7ms)
2025-06-27 17:03:36   Rendered layouts/_select_language_button.html.erb (Duration: 0.7ms | GC: 0.0ms)
2025-06-27 17:03:36   Rendered layouts/_select_language_button.html.erb (Duration: 0.2ms | GC: 0.0ms)
2025-06-27 17:03:36   Rendered layouts/_select_language_list.html.erb (Duration: 87.6ms | GC: 22.1ms)
2025-06-27 17:03:36   Rendered layouts/_header.html.erb (Duration: 118.4ms | GC: 32.2ms)
2025-06-27 17:03:36   Rendered layouts/_flash.html.erb (Duration: 4.3ms | GC: 0.0ms)
2025-06-27 17:03:36   Rendered layouts/_content.html.erb (Duration: 16.2ms | GC: 2.2ms)
2025-06-27 17:03:36   Rendered layout layouts/site.html.erb (Duration: 423.9ms | GC: 88.6ms)
2025-06-27 17:03:36 Completed 200 OK in 808ms (Views: 429.0ms | ActiveRecord: 30.9ms (1 query, 0 cached) | GC: 185.0ms)
2025-06-27 17:03:36 
2025-06-27 17:03:36 
2025-06-27 17:03:37 Started POST "/user/test23/confirm" for 192.168.65.1 at 2025-06-27 15:03:37 +0000
2025-06-27 17:03:37 Processing by ConfirmationsController#confirm as HTML
2025-06-27 17:03:37   Parameters: {"authenticity_token"=>"MhnDTkRQDADXsAxObtacIwSCH5ZvF5hSOWaMxvPjEQ0-cjOcT3czC8Ul_EHhVU8kgkPjzt9xGQgDH5AftbQMKA", "display_name"=>"test23", "confirm_string"=>"eyJfcmFpbHMiOnsiZGF0YSI6WzMsIjA2MWU3YWNjZjIxYjI3MzVlYmY0MDUwMjk3ZmE1YzJmNjJiZWY4YTc3ZGEyNmMwYTYwMjlkNzkyYjkxNDY3NWIiXSwiZXhwIjoiMjAyNS0wNy0wNFQxNTowMTo1OS41MjJaIiwicHVyIjoiVXNlclxubmV3X3VzZXJcbjYwNDgwMCJ9fQ==--2359edd41975d1e561bf22666f32d5c457507380"}
2025-06-27 17:03:37 xxxxxxx1: #<ActionDispatch::Request POST "http://127.0.0.1:3001/user/test23/confirm" for 192.168.65.1>
</code></pre>
<p dir="auto"></p>
</details> 
<p dir="auto">I assume this issue is present since <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="2280520252" data-permission-text="Title is private" data-url="https://github.com/openstreetmap/openstreetmap-website/issues/4758" data-hovercard-type="pull_request" data-hovercard-url="/openstreetmap/openstreetmap-website/pull/4758/hovercard" href="https://github.com/openstreetmap/openstreetmap-website/pull/4758">#4758</a> and was not caught in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="2319171416" data-permission-text="Title is private" data-url="https://github.com/openstreetmap/openstreetmap-website/issues/4846" data-hovercard-type="pull_request" data-hovercard-url="/openstreetmap/openstreetmap-website/pull/4846/hovercard" href="https://github.com/openstreetmap/openstreetmap-website/pull/4846">#4846</a>. A different thing might be that the whole JS-Redirect part was changed later (did not check this).</p>
<hr>
<p dir="auto">I want to <code class="notranslate">+1</code> <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3173059735" data-permission-text="Title is private" data-url="https://github.com/openstreetmap/openstreetmap-website/issues/6131" data-hovercard-type="issue" data-hovercard-url="/openstreetmap/openstreetmap-website/issues/6131/hovercard" href="https://github.com/openstreetmap/openstreetmap-website/issues/6131">#6131</a> but unfortunately I cannot help with this; I don't know enough Rails for that. As a side note, I also did not manage to get an OAuth setup going locally for proper debugging (I don't have <a href="https://www.openstreetmap.org/.well-known/openid-configuration" rel="nofollow">https://www.openstreetmap.org/.well-known/openid-configuration</a> locally for some reason).</p>

<hr>

<h4>You can view, comment on, or merge this pull request online at:</h4>
<p>  <a href='https://github.com/openstreetmap/openstreetmap-website/pull/6138'>https://github.com/openstreetmap/openstreetmap-website/pull/6138</a></p>

<h4>Commit Summary</h4>
<ul>
  <li><a href="https://github.com/openstreetmap/openstreetmap-website/pull/6138/commits/0e160369a76b968b4fc71468f06506aabe8693c7" class="commit-link">0e16036</a>  Preserve `referrer` during oauth JS confirmation</li>
</ul>

<h4 style="display: inline-block">File Changes </h4> <p style="display: inline-block">(<a href="https://github.com/openstreetmap/openstreetmap-website/pull/6138/files">2 files</a>)</p>
<ul>
  <li>
    <strong>M</strong>
    <a href="https://github.com/openstreetmap/openstreetmap-website/pull/6138/files#diff-961c5d7e0310073ca00d502eda2687808102441be660a654cab29645fbcea019">app/controllers/confirmations_controller.rb</a>
    (1)
  </li>
  <li>
    <strong>M</strong>
    <a href="https://github.com/openstreetmap/openstreetmap-website/pull/6138/files#diff-596485415afaa248c73d36eeb3a5be71b78f19acaedd02fd5dbf9bad11145d18">app/views/confirmations/confirm.html.erb</a>
    (1)
  </li>
</ul>

<h4>Patch Links:</h4>
<ul>
  <li><a href='https://github.com/openstreetmap/openstreetmap-website/pull/6138.patch'>https://github.com/openstreetmap/openstreetmap-website/pull/6138.patch</a></li>
  <li><a href='https://github.com/openstreetmap/openstreetmap-website/pull/6138.diff'>https://github.com/openstreetmap/openstreetmap-website/pull/6138.diff</a></li>
</ul>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">—<br />Reply to this email directly, <a href="https://github.com/openstreetmap/openstreetmap-website/pull/6138">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AAK2OLOP3KGM4PJVUIPEHAT3FVPIHAVCNFSM6AAAAACAJJKZ6OVHI2DSMVQWIX3LMV43ASLTON2WKOZTGE4DGMRRGQZTENQ">unsubscribe</a>.<br />You are receiving this because you are subscribed to this thread.<img src="https://github.com/notifications/beacon/AAK2OLJ2SDF6WZRC3O4FNOL3FVPIHA5CNFSM6AAAAACAJJKZ6OWGG33NNVSW45C7OR4XAZNFJFZXG5LFVJRW63LNMVXHIX3JMTHL3O766Y.gif" height="1" width="1" alt="" /><span style="color: transparent; font-size: 0; display: none; visibility: hidden; overflow: hidden; opacity: 0; width: 0; height: 0; max-width: 0; max-height: 0; mso-hide: all">Message ID: <span><openstreetmap/openstreetmap-website/pull/6138</span><span>@</span><span>github</span><span>.</span><span>com></span></span></p>
<script type="application/ld+json">[
{
"@context": "http://schema.org",
"@type": "EmailMessage",
"potentialAction": {
"@type": "ViewAction",
"target": "https://github.com/openstreetmap/openstreetmap-website/pull/6138",
"url": "https://github.com/openstreetmap/openstreetmap-website/pull/6138",
"name": "View Pull Request"
},
"description": "View this Pull Request on GitHub",
"publisher": {
"@type": "Organization",
"name": "GitHub",
"url": "https://github.com"
}
}
]</script>