From f7030e3506940bccc53af699647b05dfeffb9754 Mon Sep 17 00:00:00 2001
From: Sebastian Serth
Date: Thu, 31 Jan 2019 13:06:28 +0100
Subject: [PATCH] Refactor redirect if user is not authorized
---
 app/controllers/application_controller.rb | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index fd6ceac4..4916847c 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -21,12 +21,12 @@ class ApplicationController < ActionController::Base
 def render_not_authorized
 respond_to do |format|
 format.html do
- if request.referrer.present? && request.referrer.include?(request.base_url)
- destination = request.referrer
+ # Prevent redirect loop
+ if request.url == request.referrer
+ redirect_to :root, alert: t('application.not_authorized')
 else
- destination = :root
+ redirect_back fallback_location: :root, allow_other_host: false, alert: t('application.not_authorized')
 end
- redirect_to(destination, alert: t('application.not_authorized'))
 end
 format.json { render json: {error: t('application.not_authorized')}, status: :unauthorized }
 end
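Review bot: The `allow_other_host: false` argument on the new `redirect_back` call is the only thing that keeps a client-supplied Referer from steering this redirect to another host, and that option is honoured only from Rails 5.2 on; earlier 5.x releases accept the key and ignore it, so the header would be followed as sent. The Rails version is not visible in this patch, so confirm the version the app is locked to and add a request spec that sends a Referer for a foreign host and expects the response to redirect to root. A short comment above the call would record the intent, for example `# allow_other_host: false keeps a forged Referer from sending the user off-site (needs Rails >= 5.2)`. The closing `end` of `render_not_authorized` lies outside the hunk.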