diff options
| author | Gannon McGibbon <gannon.mcgibbon@gmail.com> | 2018-11-08 14:45:06 -0500 |
|---|---|---|
| committer | Gannon McGibbon <gannon.mcgibbon@gmail.com> | 2019-01-17 13:28:14 -0500 |
| commit | 9dde7d8de047b55ec636c4c7cba89ec95324d492 (patch) | |
| tree | 5afafc7ecef072ad779664827355cb0e91cc3768 /actionpack/lib/action_controller/metal/force_ssl.rb | |
| parent | 9e34df00039d63b5672315419e76f06f80ef3dc4 (diff) | |
| download | rails-9dde7d8de047b55ec636c4c7cba89ec95324d492.tar.gz rails-9dde7d8de047b55ec636c4c7cba89ec95324d492.tar.bz2 rails-9dde7d8de047b55ec636c4c7cba89ec95324d492.zip | |
Ensure external redirects are explicitly allowed
Add `fallback_location` and `allow_other_host` options to `redirect_to`.
Diffstat (limited to 'actionpack/lib/action_controller/metal/force_ssl.rb')
| -rw-r--r-- | actionpack/lib/action_controller/metal/force_ssl.rb | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/actionpack/lib/action_controller/metal/force_ssl.rb b/actionpack/lib/action_controller/metal/force_ssl.rb index 26e6f72b66..205f84ae36 100644 --- a/actionpack/lib/action_controller/metal/force_ssl.rb +++ b/actionpack/lib/action_controller/metal/force_ssl.rb @@ -13,7 +13,7 @@ module ActionController ACTION_OPTIONS = [:only, :except, :if, :unless] URL_OPTIONS = [:protocol, :host, :domain, :subdomain, :port, :path] - REDIRECT_OPTIONS = [:status, :flash, :alert, :notice] + REDIRECT_OPTIONS = [:status, :flash, :alert, :notice, :allow_other_host] module ClassMethods # :nodoc: def force_ssl(options = {}) @@ -40,7 +40,8 @@ module ActionController protocol: "https://", host: request.host, path: request.fullpath, - status: :moved_permanently + status: :moved_permanently, + allow_other_host: true, } if host_or_options.is_a?(Hash) |