redirectr 1.0.5 → 1.0.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 78c463712785fe0809de6365bbcdff48d9b1ac7ceaf460a927dc9f655d2c0a06
-  data.tar.gz: 1ddab2a796cb3721cd311cd4006f6625109e5b314a28e461f54707443714d57b
+  metadata.gz: 79b2022bb7a4aff997edf0f04e89276a17377b3a28c2fd33b071ce1314b13a9e
+  data.tar.gz: 4d271d1e980abeb41ef64cce2c227a1a31cb9bbd4f0e6e87859dc25c2606f55b
 SHA512:
-  metadata.gz: bc1e0061c954c452bca56fb5ec2cbf6334c2a22ddf3ff4c3709735a92d057b615ec6655a9a71478fc5f5919298c85e58bc1e043e0295e1361d61e982cee898ab
-  data.tar.gz: d3a733007656465049d1901816ce39a70af6f2d19ca2569426a1c4616511c8a4058ef1a8116b311a65868f420638746482bb839ca36c2e510eacebdc33d6a1c6
+  metadata.gz: e8bdcf8567203138565fbd36c2a991053b2f1b643a91e459d9df88185fb0719ecc20755001b0005841fbc258c33800eb9b8547776fab3c92d6ba11834786c67f
+  data.tar.gz: 7b7533058f982773d7431d337a64a1efb9aa69072fe065aa02b35629765d620d7cec936aa2dd1bf7742d4ebfdff8560b28ae6effd1c3d184b498ca646068948d

data/README.md

@@ -117,6 +117,20 @@ Referrer params can be nested, which is helpful if your workflow involves branch
 
 NOTE: If your URLs include lots of params, it is very advisable to use Referrer Tokens instead of plain URLs to avoid "URI too long" errors. See next section.
 
+### `current_url(anchor: ...)`
+
+You can now pass an `anchor:` keyword to `current_url` to override the URL fragment.  
+This is useful when linking back to a specific position in a long list (e.g., after editing an item).
+
+**Example:**
+
+```ruby
+current_url(anchor: "item-42")
+# => "/projects/7/tasks?filter=done#item-42"
+```
+
+If no anchor is given, the current fragment is preserved (if any).
+
 ## Unvalidated Redirect Mitigation
 
 Simply redirecting to an URI provided by HTTP params is considered a security vulnerability (see OWASP cheat sheet https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html). Earlier versions of redirectr did not take any potential issues into account, allowing all kinds of phishing attacs.
@@ -160,6 +174,18 @@ bundle exec rails db:migrate
 
 Redirectr::ReferrerToken has two representations: #to_s displays the URL and #to_param its tokenized form. Depending on your config, this can be either a random token, an encrypted URL or the plaintext URL.
 
+### Graceful Handling of Invalid Referrer Origins
+
+Redirectr normally raises `Redirectr::InvalidReferrerToken` when the referrer’s origin (host/protocol/port) is not allowed. If you prefer to **treat such cases as if no referrer was provided**, enable:
+
+```ruby
+YourApp::Application.configure do
+  config.x.redirectr.discard_referrer_on_invalid_origin = true
+end
+```
+
+With this option, `referrer_url` returns `nil` for invalid origins rather than raising an exception, so any code using it naturally falls back to its own default handling.
+
 ## Contributions
 
 Contributions like bugfixes and new ideas are more than welcome. Please just fork this project on github (https://github.com/wvk/redirectr) and send me a pull request with your changes.

data/app/helpers/redirectr/application_helper.rb

@@ -12,7 +12,7 @@ module Redirectr
     # Handy for use in forms that are called with a referrer param which
     # has to be passed on and respected by the form processing action.
     def hidden_referrer_input_tag(options = {})
-      hidden_field_tag :referrer, referrer_or_current_url.to_param, options
+      hidden_field_tag :referrer, referrer_url.to_param, options
     end
 
   end

data/lib/redirectr/version.rb

@@ -1,3 +1,3 @@
 module Redirectr
-  VERSION = '1.0.5'
+  VERSION = '1.0.6'
 end

data/lib/redirectr.rb

@@ -92,14 +92,23 @@ module Redirectr
     #
     #  <%= link_to my_messages_url referrer_param => current_url %>
     #
-    def current_url
-      if request.respond_to? :url # for rack >= 2.0.0
-        ReferrerToken(request.url)
-      elsif request.respond_to? :original_url # for rails >= 4.0.0
-        ReferrerToken(request.original_url)
-      else
-        ReferrerToken(request.env['REQUEST_URI'])
+    def current_url(anchor: nil)
+      url = if request.respond_to? :url # for rack >= 2.0.0
+              request.url
+            elsif request.respond_to? :original_url # for rails >= 4.0.0
+              request.original_url
+            else
+              request.env['REQUEST_URI']
+            end
+      if anchor
+        if anchor.is_a?(ActiveRecord::Base)
+          anchor = ActionView::RecordIdentifier.dom_id(anchor)
+        end
+        url = URI.parse(url.to_s)
+        url.fragment = anchor
+        url = url.to_s
       end
+      ReferrerToken(url)
     end
 
     # Return the referrer or the current path, it the former is not set.
@@ -176,6 +185,8 @@ module Redirectr
         referrer_token
       elsif parsed_url.relative?
         referrer_token
+      elsif Redirectr.config.discard_referrer_on_invalid_origin
+        nil
       else
         raise Redirectr::UrlNotInWhitelist, "#{parsed_url.inspect} - #{redirect_whitelist.inspect}"
       end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: redirectr
 version: !ruby/object:Gem::Version
-  version: 1.0.5
+  version: 1.0.6
 platform: ruby
 authors:
 - Willem van Kerkhof
 bindir: bin
 cert_chain: []
-date: 2025-04-03 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -76,7 +76,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.6.6
+rubygems_version: 3.6.7
 specification_version: 4
 summary: Rails referrer-URL handling done right
 test_files: []