forked from fedi/mastodon
Add allow_other_host in redirects which may go outside app (#24252)
This commit is contained in:
parent
e63524f457
commit
e633b26f4f
|
@ -5,7 +5,7 @@ class Api::V1::StreamingController < Api::BaseController
|
||||||
if Rails.configuration.x.streaming_api_base_url == request.host
|
if Rails.configuration.x.streaming_api_base_url == request.host
|
||||||
not_found
|
not_found
|
||||||
else
|
else
|
||||||
redirect_to streaming_api_url, status: 301
|
redirect_to streaming_api_url, status: 301, allow_other_host: true
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -23,7 +23,7 @@ class MediaProxyController < ApplicationController
|
||||||
redownload! if @media_attachment.needs_redownload? && !reject_media?
|
redownload! if @media_attachment.needs_redownload? && !reject_media?
|
||||||
end
|
end
|
||||||
|
|
||||||
redirect_to full_asset_url(@media_attachment.file.url(version))
|
redirect_to full_asset_url(@media_attachment.file.url(version)), allow_other_host: true
|
||||||
end
|
end
|
||||||
|
|
||||||
private
|
private
|
||||||
|
|
|
@ -70,6 +70,6 @@ class StatusesController < ApplicationController
|
||||||
end
|
end
|
||||||
|
|
||||||
def redirect_to_original
|
def redirect_to_original
|
||||||
redirect_to ActivityPub::TagManager.instance.url_for(@status.reblog) if @status.reblog?
|
redirect_to(ActivityPub::TagManager.instance.url_for(@status.reblog), allow_other_host: true) if @status.reblog?
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in a new issue