From c856d4eee9c11db8ce76bea69ca8e9688125538c Mon Sep 17 00:00:00 2001
From: Antonis Berkakis
Date: Thu, 26 Oct 2023 15:22:38 +0100
Subject: [PATCH 1/2] Allow open redirect for Rails 7.0
Fixes open redirect for Rails 7.0 https://api.rubyonrails.org/classes/ActionController/Redirecting.html#method-i-redirect_to-label-Open+Redirect+protection
---
 lib/sorcery/controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/sorcery/controller.rb b/lib/sorcery/controller.rb
index f6cda708..712cfa4c 100644
--- a/lib/sorcery/controller.rb
+++ b/lib/sorcery/controller.rb
@@ -98,7 +98,7 @@ def current_user=(user)
 # used when a user tries to access a page while logged out, is asked to login,
 # and we want to return him back to the page he originally wanted.
 def redirect_back_or_to(url, flash_hash = {})
- redirect_to(session[:return_to_url] || url, flash: flash_hash)
+ redirect_to(session[:return_to_url] || url, flash: flash_hash, allow_other_host: true)
 session[:return_to_url] = nil
 end
From 3d9b68a51f6fc991ed6663b4d0a32f878f681646 Mon Sep 17 00:00:00 2001
From: Antonis Berkakis
Date: Thu, 26 Oct 2023 15:27:52 +0100
Subject: [PATCH 2/2] Update CHANGELOG.md
---
 CHANGELOG.md | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 08891148..3ee4b6ca 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,8 @@
 # Changelog
 ## HEAD
+* Allow open redirect for Rails 7.0 in #redirect_back_or_to method [#351](https://github.com/Sorcery/sorcery/pull/351)
+
 ## 0.16.5
 * Raise ArgumentError when calling change_password! with blank password [#333](https://github.com/Sorcery/sorcery/pull/333)
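Review bot: Passing `allow_other_host: true` unconditionally on the changed `redirect_to` line switches off Rails 7's open-redirect protection for every caller of redirect_back_or_to, and it applies to the stored `session[:return_to_url]` value as much as to the caller-supplied fallback `url`; this hunk does not show where that session value is written, so whether it is host-validated before being stored cannot be confirmed here. The same Redirecting module the commit links to provides `url_from`, which returns the URL only when it is on the current host, so `redirect_to(url_from(session[:return_to_url]) || url, flash: flash_hash)` would keep the protection while still honouring same-host return URLs. If redirecting to another host is a use case the library wants to support, it is safer as an opt-in than a default: `def redirect_back_or_to(url, flash_hash = {}, allow_other_host: false)` with `allow_other_host: allow_other_host` passed through, so the protection stays on unless an application asks otherwise. Whichever way it goes, a one-line comment above the method saying that the keyword bypasses the `raise_on_open_redirects` check would help the next reader, since the surrounding comment only describes the return-to-page behaviour.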