diff options
author | Derek Prior <derekprior@gmail.com> | 2015-12-15 20:17:32 -0500 |
---|---|---|
committer | Derek Prior <derekprior@gmail.com> | 2015-12-16 11:42:05 -0500 |
commit | 13fd5586cef628a71e0e2900820010742a911099 (patch) | |
tree | b6a82887247a24b6877e63156cf002df5028c856 /guides/source/ruby_on_rails_guides_guidelines.md | |
parent | d95351236071215a931c626ec2fe7059270f606c (diff) | |
download | rails-13fd5586cef628a71e0e2900820010742a911099.tar.gz rails-13fd5586cef628a71e0e2900820010742a911099.tar.bz2 rails-13fd5586cef628a71e0e2900820010742a911099.zip |
Add `redirect_back` for safer referrer redirects
`redirect_to :back` is a somewhat common pattern in Rails apps, but it
is not completely safe. There are a number of circumstances where HTTP
referrer information is not available on the request. This happens often
with bot traffic and occasionally to user traffic depending on browser
security settings.
When there is no referrer available on the request, `redirect_to :back`
will raise `ActionController::RedirectBackError`, usually resulting in
an application error.
`redirect_back` takes a required `fallback_location` keyword argument
that specifies the redirect when the referrer information is not
available. This prevents 500 errors caused by
`ActionController::RedirectBackError`.
Diffstat (limited to 'guides/source/ruby_on_rails_guides_guidelines.md')
0 files changed, 0 insertions, 0 deletions