From ee65ca46e589e14484c80b35c46c9aff26769d86 Mon Sep 17 00:00:00 2001
From: Yuichi Takeuchi <yuichi.takeuchi@takeyuweb.co.jp>
Date: Sat, 19 Jan 2019 15:50:56 +0900
Subject: Fix ArgumentError: Unsafe redirect

---
 activestorage/app/controllers/active_storage/blobs_controller.rb        | 2 +-
 .../app/controllers/active_storage/representations_controller.rb        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

(limited to 'activestorage/app/controllers/active_storage')

diff --git a/activestorage/app/controllers/active_storage/blobs_controller.rb b/activestorage/app/controllers/active_storage/blobs_controller.rb
index 4fc3fbe824..a8e42d7356 100644
--- a/activestorage/app/controllers/active_storage/blobs_controller.rb
+++ b/activestorage/app/controllers/active_storage/blobs_controller.rb
@@ -9,6 +9,6 @@ class ActiveStorage::BlobsController < ActiveStorage::BaseController
 
   def show
     expires_in ActiveStorage.service_urls_expire_in
-    redirect_to @blob.service_url(disposition: params[:disposition])
+    redirect_to @blob.service_url(disposition: params[:disposition]), allow_other_host: true
   end
 end
diff --git a/activestorage/app/controllers/active_storage/representations_controller.rb b/activestorage/app/controllers/active_storage/representations_controller.rb
index 98e11e5dbb..d01af5d939 100644
--- a/activestorage/app/controllers/active_storage/representations_controller.rb
+++ b/activestorage/app/controllers/active_storage/representations_controller.rb
@@ -9,6 +9,6 @@ class ActiveStorage::RepresentationsController < ActiveStorage::BaseController
 
   def show
     expires_in ActiveStorage.service_urls_expire_in
-    redirect_to @blob.representation(params[:variation_key]).processed.service_url(disposition: params[:disposition])
+    redirect_to @blob.representation(params[:variation_key]).processed.service_url(disposition: params[:disposition]), allow_other_host: true
   end
 end
-- 
cgit v1.2.3