aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_dispatch/middleware/show_exceptions.rb
diff options
context:
space:
mode:
authorDerek Prior <derekprior@gmail.com>2015-12-15 20:17:32 -0500
committerDerek Prior <derekprior@gmail.com>2015-12-16 11:42:05 -0500
commit13fd5586cef628a71e0e2900820010742a911099 (patch)
treeb6a82887247a24b6877e63156cf002df5028c856 /actionpack/lib/action_dispatch/middleware/show_exceptions.rb
parentd95351236071215a931c626ec2fe7059270f606c (diff)
downloadrails-13fd5586cef628a71e0e2900820010742a911099.tar.gz
rails-13fd5586cef628a71e0e2900820010742a911099.tar.bz2
rails-13fd5586cef628a71e0e2900820010742a911099.zip
Add `redirect_back` for safer referrer redirects
`redirect_to :back` is a somewhat common pattern in Rails apps, but it is not completely safe. There are a number of circumstances where HTTP referrer information is not available on the request. This happens often with bot traffic and occasionally to user traffic depending on browser security settings. When there is no referrer available on the request, `redirect_to :back` will raise `ActionController::RedirectBackError`, usually resulting in an application error. `redirect_back` takes a required `fallback_location` keyword argument that specifies the redirect when the referrer information is not available. This prevents 500 errors caused by `ActionController::RedirectBackError`.
Diffstat (limited to 'actionpack/lib/action_dispatch/middleware/show_exceptions.rb')
0 files changed, 0 insertions, 0 deletions