Issue with Unsafe Redirect Error when Creating Menu Item

Hi everyone,

I’m currently working on customizing Open OnDemand by creating a menu item as specified in the documentation. However, I’m encountering an issue with the following error:

#<ActionController::Redirecting::UnsafeRedirectError: Unsafe redirect to "https://openondemand.org/", pass allow_other_host: true to redirect anyway.>

It seems that the application is trying to redirect to a URL that is not considered safe by default. I understand that I need to allow redirects to other hosts by setting the allow_other_host option to true, but I’m not sure where exactly to make this change.

Has anyone else faced this issue? Any guidance on how to resolve this would be greatly appreciated!

Thanks in advance for your help!

I’ve never seen that error before. Can you give us the configuration you’re trying?

This is the manifest.yml that we are using:

---
name: HPC Confluence Documentation

category: Links
description: |-
  Link to the HPC Confluence Documentation

url: 'https://internal.url.to.documentation.com'

new_window: true

tile:
  border_color: "black"
  sub_caption: |
    Link to the
    HPC Confluence Documentation

Do you need anything else about some specific config?

No I think that’s it. I’ll look into it and see if I can replicate.

Thank you. To clarify, the issue began with the upgrade to version 4.0; the same manifest.yml file was working fine in version 3.0.

Hello, I’m facing the same problem on the OOD 4.0. Have you found a fix? We are blocked

Dear Jeff,

I’m Dzung Nguyen. I am one of the maintainers of Open OnDemand for housing clusters at LRZ (https://www.lrz.de/). Many thanks to you and the team for bringing us such an awesome tool!
We’ve run into the same issue — the link url for a custom interactive app gets blocked with the same error message. Here, my configuration below in case it helps:

name: STAC Browser
category: Data
description: |
  Curated data catalog for terrabyte platform
url: "https://stac.terrabyte.lrz.de/browser/"
new_window: true

tile:
  sub_caption: ""

#<ActionController::Redirecting::UnsafeRedirectError: Unsafe redirect to "https://stac.terrabyte.lrz.de/browser/", pass allow_other_host: true to redirect anyway.>

Sorry all for the issue and welcome @Harboucha!

I’m patching this in 4.0.1, but in the interim you can patch your own systems by applying this same change to the files. I can provide the file path if you need, please back up the original while editing production files.

That said - I’m not 100% sure whether this needs a configuration or not. That is, maybe we don’t allow this by default and you have to provide a configuration. That configuration could be in 4.0.1, but I’m just not sure if we want that or not.

This is the original diff for anyone wanting to hot patch their system. I’m about to change this to a different strategy so if you see the github link, it may be a different patch.

image2497×591 48.3 KB

That said - one could fix this issue without patching the source code. Following the instructions here: Customizations — Open OnDemand 4.0.0 documentation

For example, instead of the STAC Browser app in the message above, you could provide this configuration to provide the same (correct) link in the navigation bar. You can mix and match actual applications with generic links like this if you have other real apps in the Data category.

nav_bar:
  - title: Data
    links:
      - title: 'STAC Browser'
        url: 'https://stac.terrabyte.lrz.de/browser/'
        new_tab: true

Many thanks, Jeff!

I followed your suggestion for the manual patch, and I can confirm it works!

Kind regards,
Dzung