ActionController::Redirecting::UnsafeRedirectError
In Rails 7, if you get ActionController::Redirecting::UnsafeRedirectError,
it just means you called redirect_to with a URL whose host doesn't match your app's host. So instead of:
external_url = 'https://www.eq8.eu'
redirect_to external_url
do:
external_url = 'https://www.eq8.eu'
redirect_to external_url, allow_other_host: true
Full example:
class MyController < ApplicationController
  # ...
  def show
    external_url = 'https://www.eq8.eu'
    redirect_to external_url, allow_other_host: true
  end
end
redirect_back is affected too; it takes the same allow_other_host option:
redirect_back(fallback_location: "/", allow_other_host: false)
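An added example, not code from the original post: when the redirect target comes from request input rather than a constant, allow_other_host: true switches off the host check for that call, so the host should be checked against an allowlist first. The helper name, the allowlist constant and the params[:next] parameter are assumptions made for illustration.

```ruby
require "uri"

# Hosts this app is willing to redirect to (constructed sample list).
ALLOWED_REDIRECT_HOSTS = %w[www.eq8.eu].freeze

# Hypothetical helper: returns the URL only if it is an absolute https URL
# whose host is on the allowlist; otherwise returns the local fallback path.
def external_redirect_target(url, fallback: "/", allowed_hosts: ALLOWED_REDIRECT_HOSTS)
  uri = URI.parse(url.to_s)
  # Rejects relative, protocol-relative ("//host"), http and non-web schemes.
  return fallback unless uri.is_a?(URI::HTTPS)
  # "https://trusted@other-host/" parses with host "other-host"; refuse any userinfo.
  return fallback if uri.host.nil? || uri.userinfo
  # Exact, case-insensitive host match; suffix or substring matches are not enough.
  allowed_hosts.include?(uri.host.downcase) ? uri.to_s : fallback
rescue URI::InvalidURIError
  fallback
end

# Usage inside a controller action (params[:next] is a hypothetical parameter):
#   redirect_to external_redirect_target(params[:next]), allow_other_host: true

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs.
  samples = [
    "https://www.eq8.eu",
    "https://www.eq8.eu.other.example/",
    "https://www.eq8.eu@other.example/",
    "//other.example/x",
    "http://www.eq8.eu",
    nil
  ]
  samples.each { |u| puts "#{u.inspect} -> #{external_redirect_target(u)}" }
end
```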
Related articles:
- https://blog.saeloun.com/2022/02/08/rails-7-raise-unsafe-redirect-error
- https://www.bigbinary.com/blog/rails-5-2-adds-allow_other_host-option-to-redirect_back-method
- https://github.com/rails/rails/pull/22506
- https://github.com/rails/rails/blob/aa55566bcf6db88e9793ce2771954e2652a736de/activestorage/app/controllers/active_storage/blobs/redirect_controller.rb
Comments
If you need to change the default behavior of your Rails 7 app, set <pre>config.action_controller.raise_on_open_redirects = false</pre> in your application.rb.
It might be useful if there is an external redirect in a gem (e.g. sorcery).