Sha256: e3c8f581836477df87125b1497a36281629e91363ddf23917f45842c94e9e093

Contents?: true

Size: 1.06 KB

Versions: 26

Compression:

Stored size: 1.06 KB

Contents

# frozen_string_literal: true

require "active_support/concern"

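module Decidim
  # Controller concern that turns the user-supplied `redirect_url` request
  # parameter into a same-site, relative redirect target.
  #
  # The parameter is attacker-controllable, so the value returned by
  # #redirect_url is the only form of it that should be used as a redirect
  # target or rendered into a view.
  module SafeRedirect
    extend ActiveSupport::Concern

    included do
      helper_method :redirect_url

      # Sanitizes the redirect URL, only allowing relative paths or absolute
      # URLs whose host matches the current organization.
      #
      # The result is always rebuilt as a relative reference (path, query and
      # fragment); scheme, userinfo, host and port from the parameter are
      # never echoed back.
      #
      # @return [String, nil] the relative URL, or nil when the parameter is
      #   blank, is not a String, cannot be parsed, or points to another host.
      def redirect_url
        raw_url = params[:redirect_url]
        return if raw_url.blank?

        # Array- or hash-shaped parameters are not URLs; reject them instead of
        # letting URI.parse fail with an unrelated error.
        return unless raw_url.is_a?(String)

        # Parse given URL
        target_uri = URI.parse(raw_url)

        # Add the organization host to the URL if not present
        target_uri = URI.join("#{request.scheme}://#{current_organization.host}", target_uri) unless target_uri.host

        # Don't allow URLs without host or with a different host than the organization one
        return if target_uri.host != current_organization.host

        # Build the relative URL from path, query and fragment only, rather
        # than blanking scheme/host/port on the parsed URI: that would leave
        # any userinfo component at the front of the serialized string.
        #
        # Leading slashes are collapsed because, without a scheme and host in
        # front of it, a path that begins with "//" is a network-path
        # reference and would name a different host.
        relative_url = target_uri.path.to_s.sub(%r{\A/{2,}}, "/")
        relative_url += "?#{target_uri.query}" if target_uri.query
        relative_url += "##{target_uri.fragment}" if target_uri.fragment
        relative_url
      rescue URI::Error
        # Malformed input is treated like any other rejected target (fail
        # closed) instead of surfacing as an unhandled exception.
        nil
      end
    end
  end
end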

Version data entries

26 entries across 26 versions & 1 rubygems

Version Path
decidim-core-0.27.9 app/controllers/concerns/decidim/safe_redirect.rb
decidim-core-0.27.8 app/controllers/concerns/decidim/safe_redirect.rb
decidim-core-0.27.7 app/controllers/concerns/decidim/safe_redirect.rb
decidim-core-0.27.6 app/controllers/concerns/decidim/safe_redirect.rb
decidim-core-0.26.10 app/controllers/concerns/decidim/safe_redirect.rb
decidim-core-0.26.9 app/controllers/concerns/decidim/safe_redirect.rb
decidim-core-0.27.5 app/controllers/concerns/decidim/safe_redirect.rb
decidim-core-0.26.8 app/controllers/concerns/decidim/safe_redirect.rb
decidim-core-0.27.4 app/controllers/concerns/decidim/safe_redirect.rb
decidim-core-0.27.3 app/controllers/concerns/decidim/safe_redirect.rb
decidim-core-0.26.7 app/controllers/concerns/decidim/safe_redirect.rb
decidim-core-0.26.5 app/controllers/concerns/decidim/safe_redirect.rb
decidim-core-0.27.2 app/controllers/concerns/decidim/safe_redirect.rb
decidim-core-0.27.1 app/controllers/concerns/decidim/safe_redirect.rb
decidim-core-0.26.4 app/controllers/concerns/decidim/safe_redirect.rb
decidim-core-0.27.0 app/controllers/concerns/decidim/safe_redirect.rb
decidim-core-0.26.3 app/controllers/concerns/decidim/safe_redirect.rb
decidim-core-0.27.0.rc2 app/controllers/concerns/decidim/safe_redirect.rb
decidim-core-0.27.0.rc1 app/controllers/concerns/decidim/safe_redirect.rb
decidim-core-0.26.2 app/controllers/concerns/decidim/safe_redirect.rb