redirectr 1.0.4 → 1.0.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cf3a0eaa6ed55c0c7722b84a88addea998ad0844dec44a9610d020bac71bdda5
-  data.tar.gz: cbe50d0fa0f7f0ff9cc72b2f2997a066cb5a11a0efd70987e69fd39c0a07b5e6
+  metadata.gz: 79b2022bb7a4aff997edf0f04e89276a17377b3a28c2fd33b071ce1314b13a9e
+  data.tar.gz: 4d271d1e980abeb41ef64cce2c227a1a31cb9bbd4f0e6e87859dc25c2606f55b
 SHA512:
-  metadata.gz: 8f940d86c27e9163aa842b6f3f3f92d9f9d1739cad2adbecf73979261d71bb8f1a10031dfe36fc809f9aeaa8028d58129c3ea6d5bce9ef4b45eeb5c32f2828a1
-  data.tar.gz: fe4aab1b8b7698820cfd26265c578bce574cbf9f2af0ed7ec926ce42230ac9a8edcbb74d58c1afc1075c74decdc836f9af889e43a16cd70a3bbba9d4f69a6fe6
+  metadata.gz: e8bdcf8567203138565fbd36c2a991053b2f1b643a91e459d9df88185fb0719ecc20755001b0005841fbc258c33800eb9b8547776fab3c92d6ba11834786c67f
+  data.tar.gz: 7b7533058f982773d7431d337a64a1efb9aa69072fe065aa02b35629765d620d7cec936aa2dd1bf7742d4ebfdff8560b28ae6effd1c3d184b498ca646068948d

data/README.md

@@ -1,3 +1,5 @@
+[![Test](https://github.com/wvk/redirectr/actions/workflows/test.yml/badge.svg)](https://github.com/wvk/redirectr/actions/workflows/test.yml)
+
 # Redirectr
 
 In many web applications, the user triggers actions that result in simple or complex workflows that should, after that workflow is finished, result in the user being redirected to the page where he initially started it. Another example would be a "back"-Link on any page.
@@ -25,34 +27,38 @@ Please read this section if you are already using an older version of Redirectr
 
 Pre-1.0 versions of Redirectr automatically included some view helpers (`hidden_referrer_input_tag`, `link_to_back`). This is no longer the case, so please add the following to your `app/helper/application_helper.rb`:
 
-    module ApplicationHelper
-      include Redirectr::ApplicationHelper
-    end
+```ruby
+module ApplicationHelper
+  include Redirectr::ApplicationHelper
+end
+````
 
-Please note that methods like `current_path`, `referrer_path` have been removed. Only `current_url`, `referrer_url` exist. Please do also note that the value returned by these methods is not a String containing an URI value anymore. Instead, a Redirectr::ReferrerToken is returned which maps a token to an URI. To get the URI value, call `#to_s` (e.g. when used in a `redirect_to` call). When used as an URL parameter, Rails calls `#to_param` which returns the token.
+Please note that methods like `current_path`, `referrer_path` have been removed. Only `current_url`, `referrer_url` exist. Please do also note that the value returned by these methods is not a String containing an URI value anymore. Instead, a `Redirectr::ReferrerToken` is returned which maps a token to an URI. To get the URI value, call `#to_s` (e.g. when used in a `redirect_to` call). When used as an URL parameter, Rails calls `#to_param` which returns the token.
 
 Summary:
 
-    # pre-1.0.0:
-    referrer_url.inspect # => 'https://example.com/...'
-    redirect_to referrer_url
-    redirect_to back_or_default
-
-    # post-1.0.0:
-    referrer_url.inspect # => '#<Redirectr::ReferrerToken:... @url="..." @token="...">'
-    redirect_to referrer_url.to_s
-    redirect_to back_or_default.to_s
-    # OR, if you mount Redirectr::Engine in your routes
-    redirect_to referrer_url
-    redirect_to back_or_default
-
-    # pre-1.0.0:
-    link_to 'take me back', back_or_default(my_url)
-
-    # post-1.0.0:
-    link_to 'take me back', back_or_default(my_url).to_s
-    # OR, if you mount Redirectr::Engine in your routes
-    link_to 'take me back', back_or_default(my_url)
+```ruby
+# pre-1.0.0:
+referrer_url.inspect # => 'https://example.com/...'
+redirect_to referrer_url
+redirect_to back_or_default
+
+# post-1.0.0:
+referrer_url.inspect # => '#<Redirectr::ReferrerToken:... @url="..." @token="...">'
+redirect_to referrer_url.to_s
+redirect_to back_or_default.to_s
+# OR, if you mount Redirectr::Engine in your routes
+redirect_to referrer_url
+redirect_to back_or_default
+
+# pre-1.0.0:
+link_to 'take me back', back_or_default(my_url)
+
+# post-1.0.0:
+link_to 'take me back', back_or_default(my_url).to_s
+# OR, if you mount Redirectr::Engine in your routes
+link_to 'take me back', back_or_default(my_url)
+```
 
 ## Examples
 
@@ -62,44 +68,68 @@ Suppose you have an application with a contact form that can be reached via a fo
 
 for the footer link to the contact form:
 
-    <%= link_to 'Contact us!', new_contact_path(referrer_param => current_url) %>
+```erb
+<%= link_to 'Contact us!', new_contact_path(referrer_param => current_url) %>
+```
 
 In the 'new contact' view:
 
-    <%= form_for ... do |f| %>
-      <%= hidden_referrer_input_tag %>
-      <!-- ... -->
-    <% end %>
+```erb
+<%= form_for ... do |f| %>
+  <%= hidden_referrer_input_tag %>
+  <!-- ... -->
+<% end %>
+```
 
 and finally, in the 'create' action of your ContactsController:
 
-    def create
-      # ...
-      redirect_to back_or_default.to_s
-    end
+```ruby
+def create
+  # ...
+  redirect_to back_or_default.to_s
+end
+```
 
 ### Custom default_url
 
 The above will redirect the user back to the page specified in the referrer param. However, if you want to provide a custom fallback url per controller in case no referrer param is provided, just define the `#default_url` in your controller:
 
-    class MyController < ApplicationController
-      def default_url
-        if @record
-          my_record_path(@record)
-        else
-          my_record_index_path
-        end
-      end
+```ruby
+class MyController < ApplicationController
+  def default_url
+    if @record
+      my_record_path(@record)
+    else
+      my_record_index_path
     end
+  end
+end
+```
 
 ### Nesting referrers
 
 Referrer params can be nested, which is helpful if your workflow involves branching into subworkflows. Thus, it is always possible to pass the referrer_param to another url:
 
-    <%= link_to 'go back directly', referrer_or_current_url %>
-    <%= link_to 'add new Foobar before going back', new_foobar_url(:foobar =>  {:name => 'My Foo'}, referrer_param => referrer_or_current_url) %>
+```erb
+<%= link_to 'go back directly', referrer_or_current_url %>
+<%= link_to 'add new Foobar before going back', new_foobar_url(:foobar =>  {:name => 'My Foo'}, referrer_param => referrer_or_current_url) %>
+```
+
+NOTE: If your URLs include lots of params, it is very advisable to use Referrer Tokens instead of plain URLs to avoid "URI too long" errors. See next section.
+
+### `current_url(anchor: ...)`
+
+You can now pass an `anchor:` keyword to `current_url` to override the URL fragment.  
+This is useful when linking back to a specific position in a long list (e.g., after editing an item).
 
-NOTE: If your URLs include lots of params, it is very advisable to use Referrer Tokens instead of plain URLs to avoud "URI too long" errors. See next section.
+**Example:**
+
+```ruby
+current_url(anchor: "item-42")
+# => "/projects/7/tasks?filter=done#item-42"
+```
+
+If no anchor is given, the current fragment is preserved (if any).
 
 ## Unvalidated Redirect Mitigation
 
@@ -115,30 +145,47 @@ Redirectr offers three kinds of mitigation, two of them being optional:
 
 By default, Redirectr checks the protocol, hostname and port of the referrer against the corresponding values of the current request. You may add your own:
 
-    YourApp::Application.configure do
-      config.x.redirectr.whitelist = %w( http://localhost:3000 https://my.host.com )
-    end
+```ruby
+YourApp::Application.configure do
+  config.x.redirectr.whitelist = %w( http://localhost:3000 https://my.host.com )
+end
+```
 
 ### Token instead of URL (URL-shortener)
 
 Instead of using a URL in the referrer token, redirectr can act as an URL shortener that maps random tokens to URLs. This requires a storage_implementation to be defined:
 
+```ruby
+require 'redirectr/referrer_token/active_record_storage'
 
-    require 'redirectr/referrer_token/active_record_storage'
-
-    YourApp::Application.configure do
-      config.x.redirectr.use_referrer_token = true
-      config.x.redirectr.reuse_tokens = true # set to false to generate a new token for each and every link
-      config.x.redirectr.storage_implementation = Redirectr::ReferrerToken::ActiveRecordStorage
-    end
+YourApp::Application.configure do
+  config.x.redirectr.use_referrer_token = true
+  config.x.redirectr.reuse_tokens = true # set to false to generate a new token for each and every link
+  config.x.redirectr.storage_implementation = Redirectr::ReferrerToken::ActiveRecordStorage
+end
+```
 
 This example requires a table named 'redirectr_referrer_tokens' to be present with two columns: `url` and `token`. To install and apply the required schema migration, run:
 
-    bundle exec rails redirectr:install:migrations
-    bundle exec rails db:migrate
+```bash
+bundle exec rails redirectr:install:migrations
+bundle exec rails db:migrate
+```
 
 Redirectr::ReferrerToken has two representations: #to_s displays the URL and #to_param its tokenized form. Depending on your config, this can be either a random token, an encrypted URL or the plaintext URL.
 
+### Graceful Handling of Invalid Referrer Origins
+
+Redirectr normally raises `Redirectr::InvalidReferrerToken` when the referrer’s origin (host/protocol/port) is not allowed. If you prefer to **treat such cases as if no referrer was provided**, enable:
+
+```ruby
+YourApp::Application.configure do
+  config.x.redirectr.discard_referrer_on_invalid_origin = true
+end
+```
+
+With this option, `referrer_url` returns `nil` for invalid origins rather than raising an exception, so any code using it naturally falls back to its own default handling.
+
 ## Contributions
 
 Contributions like bugfixes and new ideas are more than welcome. Please just fork this project on github (https://github.com/wvk/redirectr) and send me a pull request with your changes.

data/app/helpers/redirectr/application_helper.rb

@@ -12,7 +12,7 @@ module Redirectr
     # Handy for use in forms that are called with a referrer param which
     # has to be passed on and respected by the form processing action.
     def hidden_referrer_input_tag(options = {})
-      hidden_field_tag :referrer, referrer_or_current_url.to_param, options
+      hidden_field_tag :referrer, referrer_url.to_param, options
     end
 
   end

data/lib/redirectr/version.rb

@@ -1,3 +1,3 @@
 module Redirectr
-  VERSION = '1.0.4'
+  VERSION = '1.0.6'
 end

data/lib/redirectr.rb

@@ -28,6 +28,9 @@ module Redirectr
   class InvalidReferrerToken < ArgumentError
   end
 
+  class InvalidUrl < ArgumentError
+  end
+
   def self.config
     Rails.configuration.x.redirectr
   end
@@ -89,14 +92,23 @@ module Redirectr
     #
     #  <%= link_to my_messages_url referrer_param => current_url %>
     #
-    def current_url
-      if request.respond_to? :url # for rack >= 2.0.0
-        ReferrerToken(request.url)
-      elsif request.respond_to? :original_url # for rails >= 4.0.0
-        ReferrerToken(request.original_url)
-      else
-        ReferrerToken(request.env['REQUEST_URI'])
+    def current_url(anchor: nil)
+      url = if request.respond_to? :url # for rack >= 2.0.0
+              request.url
+            elsif request.respond_to? :original_url # for rails >= 4.0.0
+              request.original_url
+            else
+              request.env['REQUEST_URI']
+            end
+      if anchor
+        if anchor.is_a?(ActiveRecord::Base)
+          anchor = ActionView::RecordIdentifier.dom_id(anchor)
+        end
+        url = URI.parse(url.to_s)
+        url.fragment = anchor
+        url = url.to_s
       end
+      ReferrerToken(url)
     end
 
     # Return the referrer or the current path, it the former is not set.
@@ -143,13 +155,15 @@ module Redirectr
       if self.referrer_url.present?
         self.referrer_url
       else
-        case default
+        url = default || self.default_url
+
+        case url
         when nil
-          ReferrerToken(self.default_url)
+          raise Redirectr::InvalidUrl, 'No URL given'
         when String
-          ReferrerToken(default)
+          ReferrerToken(url)
         else
-          ReferrerToken(url_for(default))
+          ReferrerToken(url_for(url))
         end
       end
     end
@@ -171,6 +185,8 @@ module Redirectr
         referrer_token
       elsif parsed_url.relative?
         referrer_token
+      elsif Redirectr.config.discard_referrer_on_invalid_origin
+        nil
       else
         raise Redirectr::UrlNotInWhitelist, "#{parsed_url.inspect} - #{redirect_whitelist.inspect}"
       end
@@ -205,4 +221,3 @@ module Redirectr
 end # module Redirectr
 
 ActionController::Base.send :include, Redirectr::ControllerMethods
-

metadata

@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: redirectr
 version: !ruby/object:Gem::Version
-  version: 1.0.4
+  version: 1.0.6
 platform: ruby
 authors:
 - Willem van Kerkhof
-autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-06-05 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -63,7 +62,6 @@ homepage: http://github.com/wvk/redirectr
 licenses:
 - MIT
 metadata: {}
-post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -78,8 +76,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.20
-signing_key:
+rubygems_version: 3.6.7
 specification_version: 4
 summary: Rails referrer-URL handling done right
 test_files: []