For the interested, the successor to the History API is the Navigation API:
<a href="https://developer.chrome.com/docs/web-platform/navigation-api/" rel="nofollow">https://developer.chrome.com/docs/web-platform/navigation-ap...</a>
I think a simple website redirect middleware can do this and much more reliably. If a site is being shady there is hardly a way to stop it.<p>Step 1: Redirect middleware checks for a cookie say 'A'<p>Step 2: If no cookie, set cookie and redirect to main content.<p>Step 3: User presses back button, comes to redirect middleware which sees cookie 'A' and this time it redirects to another shady website.
Didn't work for me though on Chrome or Slimjet. Worked in Firefox!<p>On Chrome based browsers, I see this error -<p><pre><code> [Report Only] Refused to load the script 'https://ryanseddon.com/dist/app.bundle.js' because it violates the following Content Security Policy directive: "script-src 'self' 'sha256-MdC6fOvaO+dJENLQhOoRht9sHSJ++GoMxjtC5lOpUww=' 'strict-dynamic' https: 'unsafe-inline' 'report-sample'". 'strict-dynamic' is present, so host-based whitelisting is disabled. Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.</code></pre>
Huh...so you can add a third-party domain to the history? That seems like a security flaw. I would have imagined you could only add history for the current domain.