Comment by andy_ppp

Yes. I’m debating in my head who is correct here. Maybe Oauth2 is colouring my judgement a bit but I feel the fragment should NOT be sent to the server unless there are extremely good reasons. Let’s try to keep the understanding of what happens to certain things consistent even if we have the power to abuse them.