1
0
Fork 0
forked from fedi/mastodon

Add allow_other_host in redirects which may go outside app (#24252)

This commit is contained in:
Matt Jankowski 2023-03-25 19:38:32 -04:00 committed by GitHub
parent e63524f457
commit e633b26f4f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 3 additions and 3 deletions

View file

@ -5,7 +5,7 @@ class Api::V1::StreamingController < Api::BaseController
if Rails.configuration.x.streaming_api_base_url == request.host if Rails.configuration.x.streaming_api_base_url == request.host
not_found not_found
else else
redirect_to streaming_api_url, status: 301 redirect_to streaming_api_url, status: 301, allow_other_host: true
end end
end end

View file

@ -23,7 +23,7 @@ class MediaProxyController < ApplicationController
redownload! if @media_attachment.needs_redownload? && !reject_media? redownload! if @media_attachment.needs_redownload? && !reject_media?
end end
redirect_to full_asset_url(@media_attachment.file.url(version)) redirect_to full_asset_url(@media_attachment.file.url(version)), allow_other_host: true
end end
private private

View file

@ -70,6 +70,6 @@ class StatusesController < ApplicationController
end end
def redirect_to_original def redirect_to_original
redirect_to ActivityPub::TagManager.instance.url_for(@status.reblog) if @status.reblog? redirect_to(ActivityPub::TagManager.instance.url_for(@status.reblog), allow_other_host: true) if @status.reblog?
end end
end end