Rails 5.2 adds allow_other_host to redirect_back method

on May 30, 2018

Rails 5.0 introduced the redirect_back method, which redirects to the URL present in HTTP_REFERER. If no HTTP_REFERER is present, the user is redirected to fallback_location.

Now consider the following scenario.

In one of the searches on, we see a link to On clicking the link, we are navigated to

When somebody gets redirected to from, the HTTP_REFERER is set to

If uses redirect_back in its code then the user will get redirected to which might be undesired behavior for some applications.

To avoid such cases, Rails 5.2 added an allow_other_host option that can be used to disallow redirecting to a host other than the current site's.

By default, the allow_other_host option is set to true. So if you do not want users to go back to then you need to explicitly set allow_other_host: false.

```ruby
#=> ""
> request.headers["Referer"]
#=> ""

# This will redirect back to
redirect_back(fallback_location: "/")

# This will not redirect back to
redirect_back(fallback_location: "/", allow_other_host: false)
```
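The decision that allow_other_host: false changes can be modelled outside Rails with the standard library alone. This is an added example, not code from the original post or from Rails itself; the helper names redirect_back_target and same_host? and the example.com hosts are assumptions made for illustration.

```ruby
require "uri"

# Hypothetical helper (not a Rails API): returns the location that a
# redirect_back-style action would send the user to.
def redirect_back_target(request_host:, referer:, fallback_location:, allow_other_host: true)
  return fallback_location if referer.nil?   # no Referer header at all
  return referer if allow_other_host         # default: trust any Referer
  same_host?(referer, request_host) ? referer : fallback_location
end

# True only when the Referer parses as a URL whose host is exactly the
# host serving the current request. The parsed host is compared, not a
# string prefix, and unparseable values are treated as another host.
def same_host?(url, request_host)
  URI.parse(url).host == request_host
rescue URI::Error, ArgumentError
  false
end

# Constructed sample requests: [Referer header value, allow_other_host]
SAMPLES = [
  ["https://app.example.com/articles/1",     false], # same host
  ["https://search.example.net/?q=rails",    false], # other host, blocked
  ["https://search.example.net/?q=rails",    true],  # other host, default
  ["https://app.example.com.other.example/", false], # shares a prefix only
  ["http://exa mple.com/",                   false], # malformed Referer
  [nil,                                      false], # header missing
].freeze

SAMPLES.each do |referer, allow|
  target = redirect_back_target(request_host: "app.example.com",
                                referer: referer,
                                fallback_location: "/",
                                allow_other_host: allow)
  puts format("%-42s allow_other_host=%-5s -> %s", referer.inspect, allow, target)
end
```

With allow_other_host: false, only the first sample is redirected back to its Referer; every other case lands on the fallback location.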
