Is the URL fragment identifier sent to the server?

http uri-fragment
vincenzoml picture vincenzoml · Jan 22, 2013 · Viewed 11.5k times · Source

Possible Duplicate:
Can PHP read the hash portion of the URL?

The (famous?) web site mega.co.nz uses a hash mark in URLs to link to encrypted files; the portion of the URL after the hash mark contains a password, and encryption is claimed to happen on the client side. It is certainly feasible to use javascript for client-side encryption but … isn't the URL sent to the server, thus revealing the password to the server itself?

The URL looks like 

https://example.com/#!encryptedfilename_password

Answer

aziz punjani picture aziz punjani · Jan 22, 2013

Fragment identifiers are not sent to the server. The hash fragment is used by the browser to link to elements within the same page.

Related questions

Can I read the hash portion of the URL on my server-side application (PHP, Ruby, Python, etc.)?

Assuming a URL of: www.example.com/?val=1#part2 PHP can read the request variables val1 using the GET array. Is the hash value part2 also readable? Or is this only upto the browser and JavaScript?

Read More
PUT vs. POST in REST

According to the HTTP/1.1 Spec: The POST method is used to request that the origin server accept the entity enclosed in the request as a new subordinate of the resource identified by the Request-URI in the Request-Line In other words, …

Read More
How are parameters sent in an HTTP POST request?

In an HTTP GET request, parameters are sent as a query string: http://example.com/page?parameter=value&also;=another In an HTTP POST request, the parameters are not sent along with the URI. Where are the values? In …

Read More