Limit redirect to host

Sebastian Serth
2019-01-15 17:36:32 +01:00
parent 27aa822e27
commit d45dc04a3e


@ -20,7 +20,14 @@ class ApplicationController < ActionController::Base
def render_not_authorized def render_not_authorized
respond_to do |format| respond_to do |format|
format.html { redirect_to(request.referrer || :root, alert: t('application.not_authorized')) } format.html do
if request.referrer.present? && request.referrer.include?(request.base_url)
destination = request.referrer
else
destination = :root
end
redirect_to(destination, alert: t('application.not_authorized'))
end
format.json { render json: {error: t('application.not_authorized')}, status: :unauthorized } format.json { render json: {error: t('application.not_authorized')}, status: :unauthorized }
end end
end end
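Review bot: The new condition `request.referrer.include?(request.base_url)` is a substring match, so it does not actually limit the redirect to this host. A Referer that points at another host but contains the base URL somewhere in its path or query string, or whose host name merely begins with this application's host name, still passes and is used as the destination. Because the Referer header is client-controlled, compare the origin rather than searching the string, for example `request.referrer.start_with?("#{request.base_url}/")`, or parse the value with `URI` and compare scheme, host and port. If the Rails version in use supports it, `redirect_back(fallback_location: :root, allow_other_host: false, alert: t('application.not_authorized'))` performs this host check for you.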