responders
responders copied to clipboard
heartcombo
`location` compatibility with `allow_other_host`
When raise_on_open_redirects is enabled in Rails config, redirect_to now raises UnsafeRedirectError in case the host of the redirect location does not match that of the current request. It's ordinarily possible when using redirect_to to specify allow_other_host: true to prevent this error from being raised in situations where UnsafeRedirectError did not need to be raised.
However, if the location param is used, it isn't possible to do this - the redirect path is expected as a single variable.
This does not work:
respond_with @thing, location: redirect_path, allow_other_host: true
I also attempted this:
respond_with @thing do |format|
format.html { redirect_to redirect_path, allow_other_host: true }
end
But this causes a regression in that I'm reliant on respond_with's handling of an invalid record, particularly the error flash.
I'm happy to look into a fix for this myself, but I could perhaps do with some guidance. I think all we might need is to pluck allow_other_host from options and pass this into this call, but we may have room to afford ourselves something more flexible than that.
