Module: InternalRedirect

Extended by:
ActiveSupport::Concern
Included in:
Admin::ApplicationSettingsController, Admin::SessionsController, ContinueParams, Projects::ServicesController, SessionsController, Users::TermsController
Defined in:
app/controllers/concerns/internal_redirect.rb


Instance Method Details

#full_path_for_uri(uri) ⇒ Object


# File 'app/controllers/concerns/internal_redirect.rb', line 37

# Rebuilds the host-relative portion of a parsed URI: the path, then
# "?query" when a query is present, then "#fragment" when a fragment is
# present. Scheme, userinfo, host and port are never copied into the
# result, which is what lets callers keep a redirect on the current host.
#
# @param uri [URI::Generic] a parsed URI
# @return [String] path, optional query and optional fragment
def full_path_for_uri(uri)
  # nil components are dropped so no dangling "?" is emitted.
  segments = [uri.path, uri.query].reject(&:nil?)
  location = segments.join('?')

  anchor = uri.fragment
  anchor.nil? ? location : "#{location}##{anchor}"
end

#host_allowed?(uri) ⇒ Boolean

Returns:

  • (Boolean)

# File 'app/controllers/concerns/internal_redirect.rb', line 32

# Tells whether a parsed URI points at the same host and port as the
# request currently being served.
#
# Both values are compared for exact equality; the scheme and any userinfo
# are not inspected here. Within this module the result only gates which
# URLs have their path extracted, so the host itself is never echoed back
# into a redirect target.
#
# @param uri [URI::Generic] a parsed URI
# @return [Boolean] true when host and port both match the current request
def host_allowed?(uri)
  current = request
  return false unless uri.host == current.host

  uri.port == current.port
end

#referer_path(request) ⇒ Object


# File 'app/controllers/concerns/internal_redirect.rb', line 42

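# Extracts the path component of the request's Referer header.
#
# The Referer header is supplied by the client, so it may be missing, blank
# or not a parseable URI. All three cases yield nil; a malformed header is
# treated like an absent one instead of raising, matching how the other
# helpers in this module handle URI::InvalidURIError.
#
# NOTE(review): the returned path is not checked against the
# safe_redirect_path pattern. A caller that redirects to it should pass it
# through safe_redirect_path first.
#
# @param request [#referer] the current request
# @return [String, nil] the referer's path, or nil when unavailable
def referer_path(request)
  referer = request.referer.presence
  return unless referer

  URI(referer).path
rescue URI::InvalidURIError
  # Client-controlled input that fails to parse is not an application error.
  nil
end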

#safe_redirect_path(path) ⇒ Object


# File 'app/controllers/concerns/internal_redirect.rb', line 6

# Returns a host-relative redirect target derived from +path+, or nil when
# +path+ is not acceptable as a local path.
#
# A value is accepted only if it starts with "/" followed by a word
# character or a hyphen. That rejects absolute URLs and protocol-relative
# values beginning with "//". The pattern is anchored with \A and \z and
# "." does not match a newline, so multi-line values are rejected as well.
#
# @param path [String, nil] candidate redirect path
# @return [String, nil] path with optional query and fragment, or nil
def safe_redirect_path(path)
  return nil unless path

  looks_local = path =~ %r{\A/[-\w].*\z}
  return nil unless looks_local

  begin
    # Keep only the path, query string and fragment, so the redirect stays
    # on the current host whatever else the input contained.
    full_path_for_uri(URI(path))
  rescue URI::InvalidURIError
    nil
  end
end

#safe_redirect_path_for_url(url) ⇒ Object


# File 'app/controllers/concerns/internal_redirect.rb', line 19

# Converts a full URL into a safe host-relative redirect target.
#
# The URL is accepted only when host_allowed? approves its host and port.
# Even then only the path, query and fragment are kept, and the result is
# validated once more by safe_redirect_path. Anything else, including an
# unparseable URL, yields nil.
#
# @param url [String, nil] candidate redirect URL
# @return [String, nil] host-relative redirect target, or nil
def safe_redirect_path_for_url(url)
  return nil unless url

  begin
    parsed = URI(url)
    return nil unless host_allowed?(parsed)

    safe_redirect_path(full_path_for_uri(parsed))
  rescue URI::InvalidURIError
    nil
  end
end

#sanitize_redirect(url_or_path) ⇒ Object


# File 'app/controllers/concerns/internal_redirect.rb', line 28

# Normalises a user-supplied redirect target that may be either a local
# path or a full URL. The value is first tried as a path; if that is
# rejected it is tried as a URL on the current host. The result is always
# host-relative, or nil when neither form is acceptable.
#
# @param url_or_path [String, nil] candidate redirect target
# @return [String, nil] host-relative redirect target, or nil
def sanitize_redirect(url_or_path)
  local = safe_redirect_path(url_or_path)
  return local if local

  safe_redirect_path_for_url(url_or_path)
end