From 8b73c19b476c5a2f01937a2737dc1a52d971bdfd Mon Sep 17 00:00:00 2001
From: Tim Fischbach <tfischbach@codevise.de>
Date: Fri, 5 Jan 2024 12:04:50 +0100
Subject: [PATCH] Allow other host in entry redirect

REDMINE-20487
---
 app/controllers/pageflow/entries_controller.rb      |  2 +-
 spec/requests/pageflow/entries_show_request_spec.rb | 11 +++++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/app/controllers/pageflow/entries_controller.rb b/app/controllers/pageflow/entries_controller.rb
index eefb47d13..40ef11345 100644
--- a/app/controllers/pageflow/entries_controller.rb
+++ b/app/controllers/pageflow/entries_controller.rb
@@ -73,7 +73,7 @@ def entry_request_scope
     def redirect_according_to_entry_redirect(entry)
       return unless (redirect_location = entry_redirect(entry))
 
-      redirect_to(redirect_location, status: :moved_permanently)
+      redirect_to(redirect_location, status: :moved_permanently, allow_other_host: true)
     end
 
     def entry_redirect(entry)
diff --git a/spec/requests/pageflow/entries_show_request_spec.rb b/spec/requests/pageflow/entries_show_request_spec.rb
index e0e276347..ebdc12655 100644
--- a/spec/requests/pageflow/entries_show_request_spec.rb
+++ b/spec/requests/pageflow/entries_show_request_spec.rb
@@ -202,6 +202,17 @@ module Pageflow
           expect(response).to redirect_to('http://www.example.com/some-entry')
         end
 
+        it 'allows redirecting to other host' do
+          entry = create(:entry, :published,
+                         type_name: 'test')
+
+          Pageflow.config.public_entry_redirect = ->(_, _) { 'http://www.example.com/' }
+
+          get(short_entry_url(entry), headers: {'HTTP_HOST' => 'pageflow.example.com'})
+
+          expect(response).to redirect_to('http://www.example.com/')
+        end
+
         it 'does not redirect if nil is returned' do
           entry = create(:entry, :published,
                          type_name: 'test')