Ensure external redirects are explicitly allowed

Add `fallback_location` and `allow_other_host` options to `redirect_to`.
author: Gannon McGibbon <gannon.mcgibbon@gmail.com> 2018-11-08 14:45:06 -0500
committer: Gannon McGibbon <gannon.mcgibbon@gmail.com> 2019-01-17 13:28:14 -0500
commit: 9dde7d8de047b55ec636c4c7cba89ec95324d492 (patch)
tree: 5afafc7ecef072ad779664827355cb0e91cc3768 /actionpack/CHANGELOG.md
parent: 9e34df00039d63b5672315419e76f06f80ef3dc4 (diff)
download: rails-9dde7d8de047b55ec636c4c7cba89ec95324d492.tar.gz
rails-9dde7d8de047b55ec636c4c7cba89ec95324d492.tar.bz2
rails-9dde7d8de047b55ec636c4c7cba89ec95324d492.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md
index 1457794354..2000be688f 100644
--- a/actionpack/CHANGELOG.md
+++ b/actionpack/CHANGELOG.md
@@ -1,3 +1,9 @@
+*   Ensure external redirects are explicitly allowed
+
+    Add `fallback_location` and `allow_other_host` options to `redirect_to`.
+
+    *Gannon McGibbon*
+
 *   Introduce ActionDispatch::HostAuthorization
 
     This is a new middleware that guards against DNS rebinding attacks by
author	Gannon McGibbon <gannon.mcgibbon@gmail.com>	2018-11-08 14:45:06 -0500
committer	Gannon McGibbon <gannon.mcgibbon@gmail.com>	2019-01-17 13:28:14 -0500
commit	9dde7d8de047b55ec636c4c7cba89ec95324d492 (patch)
tree	5afafc7ecef072ad779664827355cb0e91cc3768 /actionpack/CHANGELOG.md
parent	9e34df00039d63b5672315419e76f06f80ef3dc4 (diff)
download	rails-9dde7d8de047b55ec636c4c7cba89ec95324d492.tar.gz rails-9dde7d8de047b55ec636c4c7cba89ec95324d492.tar.bz2 rails-9dde7d8de047b55ec636c4c7cba89ec95324d492.zip