From 7f2b6237470d854d274f0363fce2eab2fddc3d02 Mon Sep 17 00:00:00 2001
From: Wendel Fabian Chinsamy
Date: Wed, 12 Jun 2024 11:38:48 +0200
Subject: [PATCH] fix unsafe redirect error part 2
---
 app/controllers/users/sessions_controller.rb | 7 -------
 config/initializers/devise_allow_other_host.rb | 14 ++++++++++++++
 2 files changed, 14 insertions(+), 7 deletions(-)
 create mode 100644 config/initializers/devise_allow_other_host.rb
diff --git a/app/controllers/users/sessions_controller.rb b/app/controllers/users/sessions_controller.rb
index 22d4bd3..b304c6c 100644
--- a/app/controllers/users/sessions_controller.rb
+++ b/app/controllers/users/sessions_controller.rb
@@ -54,12 +54,5 @@ def empty_cookie
 secure: !Rails.env.development? && !Rails.env.test?, domain: domain }
 end
-
- private
- def redirect_options
- {
- allow_other_host: true
- }
- end
 end
 end
diff --git a/config/initializers/devise_allow_other_host.rb b/config/initializers/devise_allow_other_host.rb
new file mode 100644
index 0000000..a0f6f74
--- /dev/null
+++ b/config/initializers/devise_allow_other_host.rb
@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+module Devise
+ module Controllers
+ module Helpers
+ def redirect_to(options = {}, response_options = {})
+ if options.is_a?(String) && options.match?(/\Ahttps?:\/\//)
+ response_options[:allow_other_host] = true
+ end
+ super(options, response_options)
+ end
+ end
+ end
+end
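Review bot: The `redirect_to` override added in `config/initializers/devise_allow_other_host.rb` sets `allow_other_host: true` for every string target beginning with `http://` or `https://`, which switches off Rails' cross-host redirect check for every controller that picks up `Devise::Controllers::Helpers`. That is a much wider scope than the `redirect_options` method removed from `Users::SessionsController`. If any redirect target can be influenced by request data (not visible in this patch), the result is an open redirect. The flag should be set only when the target host is on an explicit allowlist, e.g. `response_options[:allow_other_host] = true if allowed_hosts.include?(URI.parse(options).host)`, where `allowed_hosts` is a placeholder for the application's configured list. The override also writes into the caller's `response_options` hash; `super(options, response_options.merge(allow_other_host: true))` avoids that side effect, and a comment on the reopened module stating why Devise's helper is patched and which external hosts are expected would document the intent.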