Revert ensure external redirects are explicitly allowed

2 files changed, 7 insertions, 29 deletions

diff --git a/actionpack/lib/action_controller/metal/force_ssl.rb b/actionpack/lib/action_controller/metal/force_ssl.rb
index 205f84ae36..93fd57b640 100644
--- a/actionpack/lib/action_controller/metal/force_ssl.rb
+++ b/actionpack/lib/action_controller/metal/force_ssl.rb
@@ -13,7 +13,7 @@ module ActionController
 
     ACTION_OPTIONS = [:only, :except, :if, :unless]
     URL_OPTIONS = [:protocol, :host, :domain, :subdomain, :port, :path]
-    REDIRECT_OPTIONS = [:status, :flash, :alert, :notice, :allow_other_host]
+    REDIRECT_OPTIONS = [:status, :flash, :alert, :notice]
 
     module ClassMethods # :nodoc:
       def force_ssl(options = {})
@@ -41,7 +41,6 @@ module ActionController
           host: request.host,
           path: request.fullpath,
           status: :moved_permanently,
-          allow_other_host: true,
         }
 
         if host_or_options.is_a?(Hash)
diff --git a/actionpack/lib/action_controller/metal/redirecting.rb b/actionpack/lib/action_controller/metal/redirecting.rb
index 8bd003f5ed..67c198d150 100644
--- a/actionpack/lib/action_controller/metal/redirecting.rb
+++ b/actionpack/lib/action_controller/metal/redirecting.rb
@@ -60,7 +60,7 @@ module ActionController
       raise AbstractController::DoubleRenderError if response_body
 
       self.status        = _extract_redirect_to_status(options, response_options)
-      self.location      = _compute_safe_redirect_to_location(request, options, response_options)
+      self.location      = _compute_redirect_to_location(request, options)
       self.response_body = "<html><body>You are being <a href=\"#{ERB::Util.unwrapped_html_escape(response.location)}\">redirected</a>.</body></html>"
     end
 
@@ -88,13 +88,9 @@ module ActionController
     # All other options that can be passed to <tt>redirect_to</tt> are accepted as
     # options and the behavior is identical.
     def redirect_back(fallback_location:, allow_other_host: true, **args)
-      referer = request.headers.fetch("Referer", fallback_location)
-      response_options = {
-        fallback_location: fallback_location,
-        allow_other_host: allow_other_host,
-        **args,
-      }
-      redirect_to referer, response_options
+      referer = request.headers["Referer"]
+      redirect_to_referer = referer && (allow_other_host || _url_host_allowed?(referer))
+      redirect_to redirect_to_referer ? referer : fallback_location, **args
     end
 
     def _compute_redirect_to_location(request, options) #:nodoc:
@@ -118,23 +114,6 @@ module ActionController
     public :_compute_redirect_to_location
 
     private
-      def _compute_safe_redirect_to_location(request, options, response_options)
-        location = _compute_redirect_to_location(request, options)
-        location_options = options.is_a?(Hash) ? options : {}
-        if response_options[:allow_other_host] || _url_host_allowed?(location, location_options)
-          location
-        else
-          fallback_location = response_options.fetch(:fallback_location) do
-            raise ArgumentError, <<~MSG.squish
-              Unsafe redirect #{location.inspect},
-              use :fallback_location to specify a fallback
-              or :allow_other_host to redirect anyway.
-            MSG
-          end
-          _compute_redirect_to_location(request, fallback_location)
-        end
-      end
-
       def _extract_redirect_to_status(options, response_options)
         if options.is_a?(Hash) && options.key?(:status)
           Rack::Utils.status_code(options.delete(:status))
@@ -145,8 +124,8 @@ module ActionController
         end
       end
 
-      def _url_host_allowed?(url, options = {})
-        URI(url.to_s).host.in?([request.host, options[:host]])
+      def _url_host_allowed?(url)
+        URI(url.to_s).host == request.host
       rescue ArgumentError, URI::Error
         false
       end