Rails has powerful and configurable redirection assets. It just gets better with every release!
Rails 5 was known for introducing redirect_back which allowed for an easy way to take the user back to where he came from. However, in certain scenarios, he/she would be taken back to an external page. Let’s take an example where a user navigates to our web app from a Google search. Now, if there is logic in the code that redirects the user “back”, the user would be kicked off our web app.
To mitigate this, Rails then introduced allow_other_host which gives the developer a little more control over redirection.
one issue with
allow_other_host is that in case a user is redirected to an external website when the option is turned off,
ArgumentError is raised.
While this is okay when developing an app, it provides very little flexibility when things go live.
Fortunately, Rails is one step ahead of us. Rails 7 will now raise UnsafeRedirectError instead of ArgumentError.
Practically one can use this to rescue all possible
redirect the user to a safe location.
This can be added directly to the ApplicationController.