Fix ArgumentError: Unsafe redirect

4 files changed, 57 insertions, 2 deletions

diff --git a/activestorage/app/controllers/active_storage/blobs_controller.rb b/activestorage/app/controllers/active_storage/blobs_controller.rb
index 4fc3fbe824..a8e42d7356 100644
--- a/activestorage/app/controllers/active_storage/blobs_controller.rb
+++ b/activestorage/app/controllers/active_storage/blobs_controller.rb
@@ -9,6 +9,6 @@ class ActiveStorage::BlobsController < ActiveStorage::BaseController
 
   def show
     expires_in ActiveStorage.service_urls_expire_in
-    redirect_to @blob.service_url(disposition: params[:disposition])
+    redirect_to @blob.service_url(disposition: params[:disposition]), allow_other_host: true
   end
 end
diff --git a/activestorage/app/controllers/active_storage/representations_controller.rb b/activestorage/app/controllers/active_storage/representations_controller.rb
index 98e11e5dbb..d01af5d939 100644
--- a/activestorage/app/controllers/active_storage/representations_controller.rb
+++ b/activestorage/app/controllers/active_storage/representations_controller.rb
@@ -9,6 +9,6 @@ class ActiveStorage::RepresentationsController < ActiveStorage::BaseController
 
   def show
     expires_in ActiveStorage.service_urls_expire_in
-    redirect_to @blob.representation(params[:variation_key]).processed.service_url(disposition: params[:disposition])
+    redirect_to @blob.representation(params[:variation_key]).processed.service_url(disposition: params[:disposition]), allow_other_host: true
   end
 end
diff --git a/activestorage/test/controllers/blobs_controller_test.rb b/activestorage/test/controllers/blobs_controller_test.rb
index 9c811df895..9bf2641de6 100644
--- a/activestorage/test/controllers/blobs_controller_test.rb
+++ b/activestorage/test/controllers/blobs_controller_test.rb
@@ -20,3 +20,28 @@ class ActiveStorage::BlobsControllerTest < ActionDispatch::IntegrationTest
     assert_equal "max-age=300, private", @response.headers["Cache-Control"]
   end
 end
+
+if SERVICE_CONFIGURATIONS[:s3] && SERVICE_CONFIGURATIONS[:s3][:access_key_id].present?
+  class ActiveStorage::S3BlobsControllerTest < ActionDispatch::IntegrationTest
+    setup do
+      @old_service = ActiveStorage::Blob.service
+      ActiveStorage::Blob.service = ActiveStorage::Service.configure(:s3, SERVICE_CONFIGURATIONS)
+    end
+
+    teardown do
+      ActiveStorage::Blob.service = @old_service
+    end
+
+    test "allow redirection to the different host" do
+      blob = create_file_blob filename: "racecar.jpg"
+
+      assert_nothing_raised { get rails_blob_url(blob) }
+      assert_response :redirect
+      assert_no_match @request.host, @response.headers["Location"]
+    ensure
+      blob.purge
+    end
+  end
+else
+  puts "Skipping S3 redirection tests because no S3 configuration was supplied"
+end
diff --git a/activestorage/test/controllers/representations_controller_test.rb b/activestorage/test/controllers/representations_controller_test.rb
index 2662cc5283..4ae0ff877e 100644
--- a/activestorage/test/controllers/representations_controller_test.rb
+++ b/activestorage/test/controllers/representations_controller_test.rb
@@ -59,3 +59,33 @@ class ActiveStorage::RepresentationsControllerWithPreviewsTest < ActionDispatch:
     assert_response :not_found
   end
 end
+
+if SERVICE_CONFIGURATIONS[:s3] && SERVICE_CONFIGURATIONS[:s3][:access_key_id].present?
+  class ActiveStorage::S3RepresentationsControllerWithVariantsTest < ActionDispatch::IntegrationTest
+    setup do
+      @old_service = ActiveStorage::Blob.service
+      ActiveStorage::Blob.service = ActiveStorage::Service.configure(:s3, SERVICE_CONFIGURATIONS)
+    end
+
+    teardown do
+      ActiveStorage::Blob.service = @old_service
+    end
+
+    test "allow redirection to the different host" do
+      blob = create_file_blob filename: "racecar.jpg"
+
+      assert_nothing_raised do
+        get rails_blob_representation_url(
+          filename: blob.filename,
+          signed_blob_id: blob.signed_id,
+          variation_key: ActiveStorage::Variation.encode(resize: "100x100"))
+      end
+      assert_response :redirect
+      assert_no_match @request.host, @response.headers["Location"]
+    ensure
+      blob.purge
+    end
+  end
+else
+  puts "Skipping S3 redirection tests because no S3 configuration was supplied"
+end