---
title: "Rails 5.2 adds allow_other_host to redirect_back method"
description:
  "Rails 5.2 introduces allow_other_host option to redirect_back method to
  handle redirection for requests received from a different host"
canonical_url: "https://www.bigbinary.com/blog/rails-5-2-adds-allow_other_host-option-to-redirect_back-method"
markdown_url: "https://www.bigbinary.com/blog/rails-5-2-adds-allow_other_host-option-to-redirect_back-method.md"
---

# Rails 5.2 adds allow_other_host to redirect_back method

Rails 5.2 introduces the `allow_other_host` option to the `redirect_back` method
to handle redirection for requests received from a different host.

- Author: Mohit Natoo
- Published: May 30, 2018
- Categories: Rails 5.2, Rails

Rails 5.0 introduced the
[redirect_back](https://blog.bigbinary.com/2016/02/29/rails-5-improves-redirect_to_back-with-redirect-back.html)
method to redirect to the URL present in `HTTP_REFERER`. If no `HTTP_REFERER` is
present, the user is redirected to `fallback_location`.

Now consider the following scenario.

In one of the searches on `google.com`, we see a link to `bigbinary.com`. On
clicking the link, we are navigated to `bigbinary.com`.

When somebody is sent to `bigbinary.com` from `google.com`, the HTTP `Referer`
header is set to `google.com`.

If `bigbinary.com` uses `redirect_back` in its code, then the user will get
redirected to `google.com`, which might be undesired behavior for some
applications.

To avoid such cases, Rails 5.2 has added a flag
[allow_other_host](https://github.com/rails/rails/pull/30850/commits/0db6a14ae16b143e078375ff7f3c940cf707290b)
that can prevent redirecting to a host other than the current site.

By default, the `allow_other_host` option is set to `true`. So if you do not want
users to go back to `google.com`, you need to explicitly set
`allow_other_host: false`.

```ruby
> request.host
#=> "www.bigbinary.com"

> request.headers["Referer"]
#=> "http://www.google.com"

# This will redirect back to google.com
redirect_back(fallback_location: "/")

# This will not redirect back to google.com
redirect_back(fallback_location: "/", allow_other_host: false)
```
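The decision described above can be modelled outside a controller. The following is an added example, not code from the original post or from Rails; `back_target`, `same_host?` and the sample Referer values are hypothetical, and it assumes the check is an exact comparison of the parsed Referer host with the request host.

```ruby
require "uri"

# Hypothetical helper, not Rails' code: returns the location a
# redirect_back-style call would send the browser to.
def back_target(request_host:, referer:, fallback_location:, allow_other_host: true)
  return fallback_location if referer.nil? || referer.empty?
  return referer if allow_other_host
  same_host?(referer, request_host) ? referer : fallback_location
end

# Compare the parsed host exactly; a value that does not parse as a URL
# is treated as another host.
def same_host?(url, request_host)
  URI.parse(url).host == request_host
rescue URI::InvalidURIError
  false
end

# Constructed Referer values for a request served by www.bigbinary.com.
SAMPLE_REFERERS = [
  "http://www.bigbinary.com/blog",
  "http://www.google.com/search?q=rails",
  "http://www.bigbinary.com.other.example/",  # only starts with our host name
  "http://bad host/",                          # does not parse
  nil                                          # header absent
].freeze

# Resolve every sample with the given allow_other_host setting.
def demo(allow_other_host)
  SAMPLE_REFERERS.map do |referer|
    back_target(request_host: "www.bigbinary.com", referer: referer,
                fallback_location: "/", allow_other_host: allow_other_host)
  end
end

if __FILE__ == $PROGRAM_NAME
  [true, false].each do |flag|
    puts "allow_other_host: #{flag}"
    SAMPLE_REFERERS.zip(demo(flag)).each { |ref, to| puts "  #{ref.inspect} -> #{to}" }
  end
end
```

With `allow_other_host: false`, only the first sample is followed; every other value resolves to the fallback location.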

