Unexpected reload of backend login page deletes already typed information
How to reproduce¶
- Simulate slow network connection and no cache (not required, but makes it more easy to reproduce)
- Load the TYPO3 backend login page
- Start typing a username directly when the login form is available
- the login page is reloaded and the already typed information is lost
If the referrer is not set yet, the form should not be writable to prevent users to start typing before the reload.
Alternative: If there already is text inside the login form (a key pressed) before the redirect, the redirect should not be performed.
This behavior was introduced by https://typo3.org/security/advisory/typo3-core-sa-2020-006 (TYPO3 versions 9.5.17 or 10.4.2)