1 files changed, 16 insertions, 8 deletions

diff --git a/actionpack/lib/action_controller/metal/redirecting.rb b/actionpack/lib/action_controller/metal/redirecting.rb
index f2dfb3833b..ee0e69d87c 100644
--- a/actionpack/lib/action_controller/metal/redirecting.rb
+++ b/actionpack/lib/action_controller/metal/redirecting.rb
@@ -18,13 +18,12 @@ module ActionController
     #
     # * <tt>Hash</tt> - The URL will be generated by calling url_for with the +options+.
     # * <tt>Record</tt> - The URL will be generated by calling url_for with the +options+, which will reference a named URL for that record.
-    # * <tt>String</tt> starting with <tt>protocol://</tt> (like <tt>http://</tt>) - Is passed straight through as the target for redirection.
+    # * <tt>String</tt> starting with <tt>protocol://</tt> (like <tt>http://</tt>) or a protocol relative reference (like <tt>//</tt>) - Is passed straight through as the target for redirection.
     # * <tt>String</tt> not containing a protocol - The current protocol and host is prepended to the string.
     # * <tt>Proc</tt> - A block that will be executed in the controller's context. Should return any option accepted by +redirect_to+.
     # * <tt>:back</tt> - Back to the page that issued the request. Useful for forms that are triggered from multiple places.
     #   Short-hand for <tt>redirect_to(request.env["HTTP_REFERER"])</tt>
     #
-    # Examples:
     #   redirect_to :action => "show", :id => 5
     #   redirect_to post
     #   redirect_to "http://www.rubyonrails.org"
@@ -35,7 +34,6 @@ module ActionController
     #
     # The redirection happens as a "302 Moved" header unless otherwise specified.
     #
-    # Examples:
     #   redirect_to post_url(@post), :status => :found
     #   redirect_to :action=>'atom', :status => :moved_permanently
     #   redirect_to post_url(@post), :status => 301
@@ -45,20 +43,29 @@ module ActionController
     # integer, or a symbol representing the downcased, underscored and symbolized description.
     # Note that the status code must be a 3xx HTTP code, or redirection will not occur.
     #
+    # If you are using XHR requests other than GET or POST and redirecting after the
+    # request then some browsers will follow the redirect using the original request
+    # method. This may lead to undesirable behavior such as a double DELETE. To work
+    # around this  you can return a <tt>303 See Other</tt> status code which will be
+    # followed using a GET request.
+    #
+    #   redirect_to posts_url, :status => :see_other
+    #   redirect_to :action => 'index', :status => 303
+    #
     # It is also possible to assign a flash message as part of the redirection. There are two special accessors for the commonly used flash names
     # +alert+ and +notice+ as well as a general purpose +flash+ bucket.
     #
-    # Examples:
     #   redirect_to post_url(@post), :alert => "Watch it, mister!"
     #   redirect_to post_url(@post), :status=> :found, :notice => "Pay attention to the road"
     #   redirect_to post_url(@post), :status => 301, :flash => { :updated_post_id => @post.id }
     #   redirect_to { :action=>'atom' }, :alert => "Something serious happened"
     #
-    # When using <tt>redirect_to :back</tt>, if there is no referrer, RedirectBackError will be raised. You may specify some fallback
-    # behavior for this case by rescuing RedirectBackError.
+    # When using <tt>redirect_to :back</tt>, if there is no referrer, ActionController::RedirectBackError will be raised. You may specify some fallback
+    # behavior for this case by rescuing ActionController::RedirectBackError.
     def redirect_to(options = {}, response_status = {}) #:doc:
       raise ActionControllerError.new("Cannot redirect to nil!") unless options
       raise AbstractController::DoubleRenderError if response_body
+      logger.debug { "Redirected by #{caller(1).first rescue "unknown"}" } if logger
 
       self.status        = _extract_redirect_to_status(options, response_status)
       self.location      = _compute_redirect_to_location(options)
@@ -81,7 +88,8 @@ module ActionController
         # The scheme name consist of a letter followed by any combination of
         # letters, digits, and the plus ("+"), period ("."), or hyphen ("-")
         # characters; and is terminated by a colon (":").
-        when %r{^\w[\w+.-]*:.*}
+        # The protocol relative scheme starts with a double slash "//"
+        when %r{^(\w[\w+.-]*:|//).*}
           options
         when String
           request.protocol + request.host_with_port + options
@@ -92,7 +100,7 @@ module ActionController
           _compute_redirect_to_location options.call
         else
           url_for(options)
-        end.gsub(/[\r\n]/, '')
+        end.delete("\0\r\n")
       end
   end
 end