@arthurnn
Created October 17, 2014 21:59
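# Hardens redirect_to: rejects raw request parameters as the redirect target,
# requires a 3XX status, and restricts the URL scheme to an allowlist.
module ActionControllerRedirectPatch
  extend ActiveSupport::Concern

  class BadRedirectTo < StandardError; end

  included do
    # Schemes a redirect location may use; configurable per controller class.
    config_accessor :allowed_url_protocols
    self.allowed_url_protocols = ["http", "https", "mailto"]
  end

  def redirect_to(options = {}, response_status = {})
    # Passing params straight in would let the request control the redirect target.
    if options.is_a?(ActionController::Parameters)
      raise BadRedirectTo.new("Invalid redirect using options that are a parameter.")
    end
    # Per-call opt-out of the scheme check: redirect_to(url, allow_all_protocols: true)
    @_allow_protocols = response_status.delete(:allow_all_protocols)
    super
  ensure
    # Always reset the flag so the opt-out never leaks into a later call.
    @_allow_protocols = nil
  end

  def _extract_redirect_to_status(options, response_status)
    status = super
    raise "Redirect is not status 3XX!" unless (300..399).include?(status)
    status
  end

  def _compute_redirect_to_location(options) #:nodoc:
    url = super
    # Only locations of the form scheme://... are checked here; a location with
    # no "://" after its scheme does not match this pattern and passes through.
    if !@_allow_protocols && url =~ /\A([^:]+):\/\//
      raise "Redirect cannot use a protocol #{$1}!" unless self.class.allowed_url_protocols.include?($1)
    end
    url
  end
end

# Install the patch on every controller and allow the app-specific schemes.
ActionController::Base.include(ActionControllerRedirectPatch)
ActionController::Base.allowed_url_protocols += ['shopify', 'shopify-admin']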