From e633b26f4f69c068f6479e09254a6ae2277b73dd Mon Sep 17 00:00:00 2001 From: Matt Jankowski Date: Sat, 25 Mar 2023 19:38:32 -0400 Subject: [PATCH] Add allow_other_host in redirects which may go outside app (#24252) --- app/controllers/api/v1/streaming_controller.rb | 2 +- app/controllers/media_proxy_controller.rb | 2 +- app/controllers/statuses_controller.rb | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/app/controllers/api/v1/streaming_controller.rb b/app/controllers/api/v1/streaming_controller.rb index b23a60170c..0cdd00d62f 100644 --- a/app/controllers/api/v1/streaming_controller.rb +++ b/app/controllers/api/v1/streaming_controller.rb @@ -5,7 +5,7 @@ class Api::V1::StreamingController < Api::BaseController if Rails.configuration.x.streaming_api_base_url == request.host not_found else - redirect_to streaming_api_url, status: 301 + redirect_to streaming_api_url, status: 301, allow_other_host: true end end diff --git a/app/controllers/media_proxy_controller.rb b/app/controllers/media_proxy_controller.rb index 3b228722f3..f29b69a24a 100644 --- a/app/controllers/media_proxy_controller.rb +++ b/app/controllers/media_proxy_controller.rb @@ -23,7 +23,7 @@ class MediaProxyController < ApplicationController redownload! if @media_attachment.needs_redownload? && !reject_media? end - redirect_to full_asset_url(@media_attachment.file.url(version)) + redirect_to full_asset_url(@media_attachment.file.url(version)), allow_other_host: true end private diff --git a/app/controllers/statuses_controller.rb b/app/controllers/statuses_controller.rb index 0e0783b4b2..fcb3cd4fa3 100644 --- a/app/controllers/statuses_controller.rb +++ b/app/controllers/statuses_controller.rb @@ -70,6 +70,6 @@ class StatusesController < ApplicationController end def redirect_to_original - redirect_to ActivityPub::TagManager.instance.url_for(@status.reblog) if @status.reblog? + redirect_to(ActivityPub::TagManager.instance.url_for(@status.reblog), allow_other_host: true) if @status.reblog? end end