Merge pull request #922 from amatsuda/OpenRedirectError

Address OpenRedirectError when logging in with Twitter

Author: amatsuda

app/controllers/application_controller.rb

@@ -31,8 +31,8 @@ def after_sign_in_path_for(user)
       session[:pending_invite_accept_url]
     elsif !user.complete?
       edit_profile_path
-    elsif request.referrer.present? && (request.referrer != new_user_session_url) && (request.referrer != user_developer_omniauth_authorize_url)
-      request.referrer
+    elsif (referer = request.referer).present? && (URI.parse(referer).host == request.host) && (referer != new_user_session_url) && !referer.start_with?(edit_password_url(current_user)) && (referer != user_developer_omniauth_authorize_url)
+      referer
     elsif session[:target]
       session.delete(:target)
     elsif user.staff_for?(current_event)