From 2e0ca9284a6864cfbbb632d849df3fdd7a7c554e Mon Sep 17 00:00:00 2001
From: Gannon McGibbon <gannon.mcgibbon@gmail.com>
Date: Tue, 22 Jan 2019 11:40:13 -0500
Subject: Revert ensure external redirects are explicitly allowed

---
 activestorage/app/controllers/active_storage/blobs_controller.rb        | 2 +-
 .../app/controllers/active_storage/representations_controller.rb        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

(limited to 'activestorage')

diff --git a/activestorage/app/controllers/active_storage/blobs_controller.rb b/activestorage/app/controllers/active_storage/blobs_controller.rb
index a8e42d7356..4fc3fbe824 100644
--- a/activestorage/app/controllers/active_storage/blobs_controller.rb
+++ b/activestorage/app/controllers/active_storage/blobs_controller.rb
@@ -9,6 +9,6 @@ class ActiveStorage::BlobsController < ActiveStorage::BaseController
 
   def show
     expires_in ActiveStorage.service_urls_expire_in
-    redirect_to @blob.service_url(disposition: params[:disposition]), allow_other_host: true
+    redirect_to @blob.service_url(disposition: params[:disposition])
   end
 end
diff --git a/activestorage/app/controllers/active_storage/representations_controller.rb b/activestorage/app/controllers/active_storage/representations_controller.rb
index d01af5d939..98e11e5dbb 100644
--- a/activestorage/app/controllers/active_storage/representations_controller.rb
+++ b/activestorage/app/controllers/active_storage/representations_controller.rb
@@ -9,6 +9,6 @@ class ActiveStorage::RepresentationsController < ActiveStorage::BaseController
 
   def show
     expires_in ActiveStorage.service_urls_expire_in
-    redirect_to @blob.representation(params[:variation_key]).processed.service_url(disposition: params[:disposition]), allow_other_host: true
+    redirect_to @blob.representation(params[:variation_key]).processed.service_url(disposition: params[:disposition])
   end
 end
-- 
cgit v1.2.3