Sha256: 90ffcfdacd9ffa8526df90364be6d2267b1e9ccf0080f2ff39417e0c835b87ad

Contents?: true

Size: 1.06 KB

Versions: 13

Compression:

Stored size: 1.06 KB

Contents

# frozen_string_literal: true

require "active_support/concern"

module Decidim
  # This concern groups methods and helpers related to redirecting the user from URL params.
  module SafeRedirect
    extend ActiveSupport::Concern

    included do
      helper_method :redirect_url

      # Sanitizes the redirect url only allowing relative paths or absolute URLs
      # that match the current organization.
      def redirect_url
        return if params[:redirect_url].blank?

        # Parse given URL
        target_uri = URI.parse(params[:redirect_url])

        # Add the organization host to the URL if not present
        target_uri = URI.join("#{request.scheme}://#{current_organization.host}", target_uri) unless target_uri.host

        # Do not allow URLs without host or with a different host than the organization one
        return if target_uri.host != current_organization.host

        # Convert the URI to relative
        target_uri.scheme = target_uri.host = target_uri.port = nil

        # Return the relative URL
        target_uri.to_s
      end
    end
  end
end
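
Added example (not part of decidim-core): a stand-alone Ruby rendering of the check above that returns a reason code for each rejection, run over constructed inputs. `classify_redirect`, its `org_host:` and `scheme:` parameters, the reason symbols and the `example.org` / `other.example` hosts are assumptions made for the illustration; the `rescue` for malformed input is also an addition, since the listing above has none.

```ruby
require "uri"

# Stand-alone rendering of the check in SafeRedirect#redirect_url that returns
# a reason code for rejections so they can be logged. `org_host` and `scheme`
# are hypothetical stand-ins for current_organization.host and request.scheme.
def classify_redirect(raw, org_host:, scheme: "https")
  return [:rejected, :blank] if raw.nil? || raw.strip.empty?

  begin
    uri = URI.parse(raw)
    # Relative input: resolve it against the organization's own origin.
    uri = URI.join("#{scheme}://#{org_host}", uri) unless uri.host
  rescue URI::Error
    # Added here: URI.parse raises URI::InvalidURIError on malformed input.
    return [:rejected, :unparseable]
  end

  # Absolute and protocol-relative URLs must name the organization host exactly.
  return [:rejected, :foreign_host] if uri.host != org_host

  # Same final step as the concern: drop the origin, keep path/query/fragment.
  uri.scheme = uri.host = uri.port = nil
  [:allowed, uri.to_s]
end

# Constructed sample inputs; example.org plays the organization host.
SAMPLES = [
  "/processes/1?locale=en",          # relative path
  "https://example.org/admin#top",   # absolute URL on the organization host
  "https://other.example/login",     # absolute URL on another host
  "//other.example/login",           # protocol-relative URL
  "https://example.org@other.example/", # organization name in userinfo only
  "https://exa mple.org/",           # malformed (space in host)
  ""                                 # blank parameter
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |raw|
    verdict, detail = classify_redirect(raw, org_host: "example.org")
    puts format("%-38s %-9s %s", raw.inspect, verdict, detail)
  end
end
```

Logging the reason code alongside the raw parameter gives a cheap signal for redirect probing against the `redirect_url` parameter.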

Version data entries

13 entries across 13 versions & 1 rubygems

Version Path
decidim-core-0.29.1 app/controllers/concerns/decidim/safe_redirect.rb
decidim-core-0.28.4 app/controllers/concerns/decidim/safe_redirect.rb
decidim-core-0.29.0 app/controllers/concerns/decidim/safe_redirect.rb
decidim-core-0.28.3 app/controllers/concerns/decidim/safe_redirect.rb
decidim-core-0.29.0.rc4 app/controllers/concerns/decidim/safe_redirect.rb
decidim-core-0.29.0.rc3 app/controllers/concerns/decidim/safe_redirect.rb
decidim-core-0.29.0.rc2 app/controllers/concerns/decidim/safe_redirect.rb
decidim-core-0.29.0.rc1 app/controllers/concerns/decidim/safe_redirect.rb
decidim-core-0.28.2 app/controllers/concerns/decidim/safe_redirect.rb
decidim-core-0.28.1 app/controllers/concerns/decidim/safe_redirect.rb
decidim-core-0.28.0 app/controllers/concerns/decidim/safe_redirect.rb
decidim-core-0.28.0.rc5 app/controllers/concerns/decidim/safe_redirect.rb
decidim-core-0.28.0.rc4 app/controllers/concerns/decidim/safe_redirect.rb