app/controllers/concerns/agilibox/back_url_concern.rb in agilibox-1.8.0 vs app/controllers/concerns/agilibox/back_url_concern.rb in agilibox-1.9.0

@@ -5,14 +5,22 @@
 
   def default_back_url
   end
 
   def back_url
-    [
+    url = [
       params[:back_url],
       request.referer,
       default_back_url,
-      main_app.root_path,
+      main_app.try(:root_path),
       "/",
     ].select(&:present?).first
+
+    uri = URI.parse(url)
+    uri.host = nil
+    uri.port = nil
+    uri.scheme = nil
+    uri.user = nil
+    uri.password = nil
+    uri.to_s
   end
 end