Removed the action attribute from the login form. Without the attribute the browser will automatically use the current url. That also includes the hash, which we do not have available on server side.
It's quite a simple change. But I'm not sure if it opens up the form to any security attack.
it works, didn't know about this trick :+1:
not-in-changelog label to PR so we don't get two entries in changelog for the one issue)