Add latest changes from gitlab-org/gitlab@master

author: GitLab Bot <gitlab-bot@gitlab.com> 2023-11-11 00:16:16 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2023-11-11 00:16:16 +0300
commit: cdcfa7dc144c949663a02c988994798d894c3a7c (patch)
tree: 5e444a2da1f3d727e13c4e4022980f3fbc3b5009 /app/controllers
parent: 93b1f84ccb7c18fa6991fb950d54d4c9b6511b6c (diff)
1 files changed, 36 insertions, 0 deletions
diff --git a/app/controllers/external_redirect/external_redirect_controller.rb b/app/controllers/external_redirect/external_redirect_controller.rb
new file mode 100644
index 00000000000..532196157b7
--- /dev/null
+++ b/app/controllers/external_redirect/external_redirect_controller.rb
@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+module ExternalRedirect
+  class ExternalRedirectController < ApplicationController
+    feature_category :navigation
+    skip_before_action :authenticate_user!
+    before_action :check_url_param
+
+    def index
+      if known_url?
+        redirect_to url_param
+      else
+        render layout: 'fullscreen', locals: {
+          minimal: true,
+          url: url_param
+        }
+      end
+    end
+
+    private
+
+    def url_param
+      params['url']&.strip
+    end
+
+    def known_url?
+      uri_data = Addressable::URI.parse(url_param)
+
+      uri_data.site == Gitlab.config.gitlab.url
+    end
+
+    def check_url_param
+      render_404 unless ::Gitlab::UrlSanitizer.valid_web?(url_param)
+    end
+  end
+end
author	GitLab Bot <gitlab-bot@gitlab.com>	2023-11-11 00:16:16 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2023-11-11 00:16:16 +0300
commit	cdcfa7dc144c949663a02c988994798d894c3a7c (patch)
tree	5e444a2da1f3d727e13c4e4022980f3fbc3b5009 /app/controllers
parent	93b1f84ccb7c18fa6991fb950d54d4c9b6511b6c (diff)