Skip to content

add redirect_to options for rails7 allow_other_host #1599

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jun 2, 2023
Merged

add redirect_to options for rails7 allow_other_host #1599

merged 1 commit into from
Jun 2, 2023

Conversation

ihatov08
Copy link
Contributor

In Rails 7, it's necessary to add the allow_other_host option when redirecting to an external path. This has also been made possible in Devise Token Auth, where the allow_other_host option can now be set in redirect_to.

https://api.rubyonrails.org/v7.0.4.2/classes/ActionController/Redirecting.html#method-i-redirect_to

To allow any external redirects pass allow_other_host: true, though using a user-provided param in that case is unsafe.

redirect_to "https://rubyonrails.org", allow_other_host: true

@ihatov08 ihatov08 force-pushed the add_redirect_to_options_for_rails7_allow_other_host branch from 41871f5 to 01eed7c Compare May 24, 2023 02:28
@MaicolBen MaicolBen merged commit f2a8520 into lynndylanhurley:master Jun 2, 2023
@edusurf10
Copy link

How do I pass these redirect options?

@ihatov08
Copy link
Contributor Author

@edusurf10

Please override the redirect_options method.

example:

# app/controllers/overrides/token_validations_controller.rb
module Overrides
  class TokenValidationsController < DeviseTokenAuth::TokenValidationsController
     ...

     protected
     
     def redirect_options
       { allow_other_host: true }
     end
  end

@edusurf10
Copy link

edusurf10 commented Jun 15, 2023
edited
Loading

@ihatov08

But this method is defined in the ApplicationController, do I have to override it in this controller? Or do I need to override it in all the controllers of Devise Token Auth?
Example:
PasswordsController, etc...

My PasswordsController:
image

My Routes:
image

Error:
image

ThiagoAnunciacao pushed a commit to ThiagoAnunciacao/devise_token_auth that referenced this pull request Jul 6, 2023
@ihatov08 @ThiagoAnunciacao
add redirect_to options for rails7 allow_other_host (lynndylanhurley#…
f811af0 
…1599)
@kaekasui kaekasui mentioned this pull request Oct 14, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ihatov08 @edusurf10 @MaicolBen