From e633b26f4f69c068f6479e09254a6ae2277b73dd Mon Sep 17 00:00:00 2001
From: Matt Jankowski
Date: Sat, 25 Mar 2023 19:38:32 -0400
Subject: Add allow_other_host in redirects which may go outside app (#24252)
---
app/controllers/statuses_controller.rb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'app/controllers/statuses_controller.rb')
diff --git a/app/controllers/statuses_controller.rb b/app/controllers/statuses_controller.rb
index 0e0783b4b..fcb3cd4fa 100644
--- a/app/controllers/statuses_controller.rb
+++ b/app/controllers/statuses_controller.rb
@@ -70,6 +70,6 @@ class StatusesController < ApplicationController
 end
 def redirect_to_original
- redirect_to ActivityPub::TagManager.instance.url_for(@status.reblog) if @status.reblog?
+ redirect_to(ActivityPub::TagManager.instance.url_for(@status.reblog), allow_other_host: true) if @status.reblog?
 end
 end
-- cgit
From 0663803348440cc4b66f061801259dc10c0ad83d Mon Sep 17 00:00:00 2001
From: Matt Jankowski
Date: Sat, 25 Mar 2023 19:40:01 -0400
Subject: Move link header setting to after_action (#24251)
---
app/controllers/concerns/account_controller_concern.rb | 3 ++-
app/controllers/statuses_controller.rb | 3 ++-
2 files changed, 4 insertions(+), 2 deletions(-) (limited to 'app/controllers/statuses_controller.rb')
diff --git a/app/controllers/concerns/account_controller_concern.rb b/app/controllers/concerns/account_controller_concern.rb
index 2f7d84df0..e9cff22ca 100644
--- a/app/controllers/concerns/account_controller_concern.rb
+++ b/app/controllers/concerns/account_controller_concern.rb
@@ -10,7 +10,8 @@ module AccountControllerConcern
 included do
 before_action :set_instance_presenter
- before_action :set_link_headers, if: -> { request.format.nil? || request.format == :html }
+
+ after_action :set_link_headers, if: -> { request.format.nil? || request.format == :html }
 end
 private
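Review bot: `allow_other_host: true` in `redirect_to_original` turns off the framework's open-redirect check for this call, and nothing on the line records why the target can be trusted. The destination is built from `@status.reblog` rather than from request parameters, which is presumably what makes the opt-out acceptable; a comment such as `# Reblogged status may live on another server; target comes from the stored status, never from params` would stop a later edit from widening the bypass. If the URL held for a remote status is taken as the remote server supplied it (not visible in this hunk), it is worth confirming elsewhere that only http/https URLs can be stored. The enclosing class starts outside the hunk.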
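Review bot: The switch to `after_action` in the `included do` block changes when `set_link_headers` runs, and the declaration gives no reason for it. In Rails an `after_action` is skipped when a `before_action` halts the chain by rendering or redirecting, and when the action raises, so those responses will no longer carry the Link header; a comment like `# Runs after the action so halted or redirected requests get no Link header` (adjusted to the real motive) would record the intent. `set_link_headers` itself is outside this hunk, so confirm it only writes response headers and does not rely on running before rendering. The same applies to the `after_action :set_link_headers` line added in `statuses_controller.rb`.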
diff --git a/app/controllers/statuses_controller.rb b/app/controllers/statuses_controller.rb
index fcb3cd4fa..d369cd8e6 100644
--- a/app/controllers/statuses_controller.rb
+++ b/app/controllers/statuses_controller.rb
@@ -9,11 +9,12 @@ class StatusesController < ApplicationController
 before_action :require_account_signature!, only: [:show, :activity], if: -> { request.format == :json && authorized_fetch_mode? }
 before_action :set_status
 before_action :set_instance_presenter
- before_action :set_link_headers
 before_action :redirect_to_original, only: :show
 before_action :set_cache_headers
 before_action :set_body_classes, only: :embed
+ after_action :set_link_headers
+
 skip_around_action :set_locale, if: -> { request.format == :json }
 skip_before_action :require_functional!, only: [:show, :embed], unless: :whitelist_mode?
-- cgit
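Review bot: With `set_link_headers` now an `after_action`, a `show` request that `redirect_to_original` redirects should no longer get a Link header, whereas the old ordering set it before the redirect; no test in this patch pins that change down. A request spec asserting the header on a normal HTML `show` and its absence on the reblog redirect would make the new behaviour explicit. Unlike the declaration in `AccountControllerConcern`, this one has no `if:` format guard, so it presumably still runs for JSON responses as before; a short comment saying that is deliberate would help the next reader.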