I see that he guideContainer OOTB component has a Thank you tab with a field to select the path to redirect the page. I overlayed this component to add more fields in the dialog to redirect to different pages based on a selector field in the form.
So till this point, everything looks good and the pages are being redirected accordingly to the user choice.
The issue there I am seeing is that after redirecting the page, the URL displays the "/content" even though the internalRedirects are configured in etc/mapping.
The URL :
Should be: example.com/thankyou;html
Does this happen by design? Isn't this a security problem?
Also, this happens with the OOTB component as well.
Please let me know if there is a solution to this.
sling:internalRedirect would simply resolve the url within AEM and wouldn't modify the url in browser. The onus is on the application's architecture & design including SEO best practices.
OOB AEM author and publish have different configurations by design, hence /content is mandatory to resolve in author but not in the publish instance. However, you could modify OOB configurations based on the requirements.
Based on project's /etc/mappings that you've already configured, you may use external redirects, sling:redirect or sling resourceresolver mappings or a combination of these.
the classic example is available OOB in publish server, check the URL Mappings in /system/console/configMgr and you would find -
/content/:/ - it means that /content would resolve to root / on the publish server itself which is not the case with author instance OOB configuration. Hence, localhost:4503/content/thank-you.html would also render same as localhost:4503/thank-you.html
It also provides a description about the bidirectional resolution.