url_from
- 1.0.0
- 1.1.6
- 1.2.6
- 2.0.3
- 2.1.0
- 2.2.1
- 2.3.8
- 3.0.0
- 3.0.9
- 3.1.0
- 3.2.1
- 3.2.8
- 3.2.13
- 4.0.2
- 4.1.8
- 4.2.1
- 4.2.7
- 4.2.9
- 5.0.0.1
- 5.1.7
- 5.2.3
- 6.0.0
- 6.1.3.1
- 6.1.7.7
- 7.0.0 (0)
- 7.1.3.2 (38)
- 7.1.3.4 (0)
- What's this?
url_from(location)
public
Verifies the passed location is an internal URL that’s safe to redirect to and returns it, or nil if not. Useful to wrap a params provided redirect URL and fallback to an alternate URL to redirect to:
redirect_to url_from(params[:redirect_url]) || root_url
The location is considered internal, and safe, if it’s on the same host as request.host:
# If request.host is example.com: url_from("https://example.com/profile") # => "https://example.com/profile" url_from("http://example.com/profile") # => "http://example.com/profile" url_from("http://evil.com/profile") # => nil
Subdomains are considered part of the host:
# If request.host is on https://example.com or https://app.example.com, you'd get: url_from("https://dev.example.com/profile") # => nil
NOTE: there’s a similarity with {url_for}[rdoc-ref:ActionDispatch::Routing::UrlFor#url_for], which generates an internal URL from various options from within the app, e.g. url_for(@post). However, #url_from is meant to take an external parameter to verify as in url_from(params[:redirect_url]).