Logs: ActionController::Redirecting::UnsafeRedirectError

Support
1

I am a Chinese individual, and my English is not proficient; therefore, the following content has been machine-translated. Please forgive any impropriety in expression.

I did not perform any particular actions while using the forum, but I inadvertently discovered the following error in the log:

The image shows a collector of web development logs capturing multiple errors due to unsafe redirects from an application to a specific domain. (由 AI 生成标题)
The image shows a collector of web development logs capturing multiple errors due to unsafe redirects from an application to a specific domain. (由 AI 生成标题)1860×313 48.8 KB

info:

ActionController::Redirecting::UnsafeRedirectError (Unsafe redirect to "https://bbs.imbhj.com/c/2/综合讨论", pass allow_other_host: true to redirect anyway.)
app/controllers/categories_controller.rb:37:in `redirect'
app/controllers/application_controller.rb:427:in `block in with_resolved_locale'
app/controllers/application_controller.rb:427:in `with_resolved_locale'
lib/middleware/omniauth_bypass_middleware.rb:35:in `call'
lib/content_security_policy/middleware.rb:12:in `call'
lib/middleware/anonymous_cache.rb:407:in `call'
lib/middleware/csp_script_nonce_injector.rb:12:in `call'
config/initializers/008-rack-cors.rb:14:in `call'
config/initializers/100-quiet_logger.rb:20:in `call'
config/initializers/100-silence_logger.rb:29:in `call'
lib/middleware/enforce_hostname.rb:24:in `call'
lib/middleware/processing_request.rb:12:in `call'
lib/middleware/request_tracker.rb:385:in `call'

backtrace:

actionpack (7.2.2.1) lib/action_controller/metal/redirecting.rb:226:in `_enforce_open_redirect_protection'
actionpack (7.2.2.1) lib/action_controller/metal/redirecting.rb:114:in `redirect_to'
actionpack (7.2.2.1) lib/action_controller/metal/flash.rb:64:in `redirect_to'
actionpack (7.2.2.1) lib/action_controller/metal/instrumentation.rb:52:in `block in redirect_to'
activesupport (7.2.2.1) lib/active_support/notifications.rb:210:in `block in instrument'
activesupport (7.2.2.1) lib/active_support/notifications/instrumenter.rb:58:in `instrument'
activesupport (7.2.2.1) lib/active_support/notifications.rb:210:in `instrument'
actionpack (7.2.2.1) lib/action_controller/metal/instrumentation.rb:51:in `redirect_to'
app/controllers/categories_controller.rb:37:in `redirect'
actionpack (7.2.2.1) lib/action_controller/metal/basic_implicit_render.rb:8:in `send_action'
actionpack (7.2.2.1) lib/abstract_controller/base.rb:226:in `process_action'
actionpack (7.2.2.1) lib/action_controller/metal/rendering.rb:193:in `process_action'
actionpack (7.2.2.1) lib/abstract_controller/callbacks.rb:261:in `block in process_action'
activesupport (7.2.2.1) lib/active_support/callbacks.rb:121:in `block in run_callbacks'
app/controllers/application_controller.rb:427:in `block in with_resolved_locale'
i18n (1.14.7) lib/i18n.rb:353:in `with_locale'
app/controllers/application_controller.rb:427:in `with_resolved_locale'
activesupport (7.2.2.1) lib/active_support/callbacks.rb:130:in `block in run_callbacks'
activesupport (7.2.2.1) lib/active_support/callbacks.rb:141:in `run_callbacks'
actionpack (7.2.2.1) lib/abstract_controller/callbacks.rb:260:in `process_action'
actionpack (7.2.2.1) lib/action_controller/metal/rescue.rb:27:in `process_action'
actionpack (7.2.2.1) lib/action_controller/metal/instrumentation.rb:77:in `block in process_action'
activesupport (7.2.2.1) lib/active_support/notifications.rb:210:in `block in instrument'
activesupport (7.2.2.1) lib/active_support/notifications/instrumenter.rb:58:in `instrument'
activesupport (7.2.2.1) lib/active_support/notifications.rb:210:in `instrument'
actionpack (7.2.2.1) lib/action_controller/metal/instrumentation.rb:76:in `process_action'
actionpack (7.2.2.1) lib/action_controller/metal/params_wrapper.rb:259:in `process_action'
activerecord (7.2.2.1) lib/active_record/railties/controller_runtime.rb:39:in `process_action'
actionpack (7.2.2.1) lib/abstract_controller/base.rb:163:in `process'
actionview (7.2.2.1) lib/action_view/rendering.rb:40:in `process'
rack-mini-profiler (3.3.1) lib/mini_profiler/profiling_methods.rb:89:in `block in profile_method' 
actionpack (7.2.2.1) lib/action_controller/metal.rb:252:in `dispatch'
actionpack (7.2.2.1) lib/action_controller/metal.rb:335:in `dispatch'
actionpack (7.2.2.1) lib/action_dispatch/routing/route_set.rb:67:in `dispatch'
actionpack (7.2.2.1) lib/action_dispatch/routing/route_set.rb:50:in `serve'
actionpack (7.2.2.1) lib/action_dispatch/journey/router.rb:53:in `block in serve'
actionpack (7.2.2.1) lib/action_dispatch/journey/router.rb:133:in `block in find_routes'
actionpack (7.2.2.1) lib/action_dispatch/journey/router.rb:126:in `each'
actionpack (7.2.2.1) lib/action_dispatch/journey/router.rb:126:in `find_routes'
actionpack (7.2.2.1) lib/action_dispatch/journey/router.rb:34:in `serve'
actionpack (7.2.2.1) lib/action_dispatch/routing/route_set.rb:896:in `call'
lib/middleware/omniauth_bypass_middleware.rb:35:in `call'
rack (2.2.11) lib/rack/tempfile_reaper.rb:15:in `call'
rack (2.2.11) lib/rack/conditional_get.rb:27:in `call'
rack (2.2.11) lib/rack/head.rb:12:in `call'
actionpack (7.2.2.1) lib/action_dispatch/http/permissions_policy.rb:38:in `call'
lib/content_security_policy/middleware.rb:12:in `call'
lib/middleware/anonymous_cache.rb:407:in `call'
lib/middleware/csp_script_nonce_injector.rb:12:in `call'
config/initializers/008-rack-cors.rb:14:in `call'
rack (2.2.11) lib/rack/session/abstract/id.rb:266:in `context'
rack (2.2.11) lib/rack/session/abstract/id.rb:260:in `call'
actionpack (7.2.2.1) lib/action_dispatch/middleware/cookies.rb:704:in `call'
actionpack (7.2.2.1) lib/action_dispatch/middleware/callbacks.rb:31:in `block in call'
activesupport (7.2.2.1) lib/active_support/callbacks.rb:101:in `run_callbacks'
actionpack (7.2.2.1) lib/action_dispatch/middleware/callbacks.rb:30:in `call'
actionpack (7.2.2.1) lib/action_dispatch/middleware/debug_exceptions.rb:31:in `call'
actionpack (7.2.2.1) lib/action_dispatch/middleware/show_exceptions.rb:32:in `call'
logster (2.20.1) lib/logster/middleware/reporter.rb:40:in `call'
railties (7.2.2.1) lib/rails/rack/logger.rb:41:in `call_app'
railties (7.2.2.1) lib/rails/rack/logger.rb:29:in `call'
config/initializers/100-quiet_logger.rb:20:in `call'
config/initializers/100-silence_logger.rb:29:in `call'
actionpack (7.2.2.1) lib/action_dispatch/middleware/request_id.rb:33:in `call'
lib/middleware/enforce_hostname.rb:24:in `call'
rack (2.2.11) lib/rack/method_override.rb:24:in `call'
actionpack (7.2.2.1) lib/action_dispatch/middleware/executor.rb:16:in `call'
rack (2.2.11) lib/rack/sendfile.rb:110:in `call'
rack-mini-profiler (3.3.1) lib/mini_profiler.rb:191:in `call'
lib/middleware/processing_request.rb:12:in `call'
message_bus (4.3.8) lib/message_bus/rack/middleware.rb:60:in `call'
lib/middleware/request_tracker.rb:385:in `call'
actionpack (7.2.2.1) lib/action_dispatch/middleware/remote_ip.rb:96:in `call'
railties (7.2.2.1) lib/rails/engine.rb:535:in `call'
railties (7.2.2.1) lib/rails/railtie.rb:226:in `public_send'
railties (7.2.2.1) lib/rails/railtie.rb:226:in `method_missing'
rack (2.2.11) lib/rack/urlmap.rb:74:in `block in call'
rack (2.2.11) lib/rack/urlmap.rb:58:in `each'
rack (2.2.11) lib/rack/urlmap.rb:58:in `call'
unicorn (6.1.0) lib/unicorn/http_server.rb:634:in `process_client'
unicorn (6.1.0) lib/unicorn/http_server.rb:739:in `worker_loop'
unicorn (6.1.0) lib/unicorn/http_server.rb:547:in `spawn_missing_workers'
unicorn (6.1.0) lib/unicorn/http_server.rb:143:in `start'
unicorn (6.1.0) bin/unicorn:128:in `<top (required)>'
vendor/bundle/ruby/3.3.0/bin/unicorn:25:in `load'
vendor/bundle/ruby/3.3.0/bin/unicorn:25:in `<main>'

env:

process_id	612
application_version	3f0e84054b5b47d3200b5d91a63f0329fa561f24
HTTP_HOST	bbs.imbhj.com
REQUEST_URI	/category/2/%E7%BB%BC%E5%90%88%E8%AE%A8%E8%AE%BA
REQUEST_METHOD	GET
HTTP_USER_AGENT	Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; https://zhanzhang.toutiao.com/)
HTTP_ACCEPT	text/html,application/xhtml+xml,application/xml;q=0.9,image/heif,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
HTTP_X_FORWARDED_FOR	110.249.202.115, 172.70.214.9, 172.17.0.1
HTTP_X_REAL_IP	172.17.0.1
time	12:42 am

I am unsure if there are any private details within the log; if such exist, I hope to be reminded to make the necessary adjustments.

The version of Discourse I am using:3.5.0.beta1-dev

Last build time: 2025-02-13T11:30:00Z

2

No one? Please help me! :sob::sob::sob:

3

I can’t help much, sorry!
I noticed that the redirection URLs use the wrong format: /c/<id>/<title>.
The title should not be part of it, and if it was mistaken for the slug, it should be placed before the id: /c/<slug>/<id>. How does it happen?

The env shows the ByteDance crawler bot. Are all requests from this bot as well?

4

Do not use Chinese in any abbreviations or domain URLs.

5

I don’t know, but in my discourse instance all the category slugs are normal and accessible!

Thanks for the reply, yes almost all the errors are from (Bytespider;
https://zhanzhang.toutiao.com/ )

I believe that a large number of crawler bots have matched incorrect redirect rules. If I block these crawlers in the robots.txt file, it should theoretically alleviate the output of error logs.

Finally, I extend my heartfelt gratitude for your response. :grinning:
May you have a wonderful day.

6

Thanks for the heads up and the advice! :grin:

I didn’t use Chinese category names, and all category identifiers I strictly adhered to the slug as suggested in the discourse documentation, using English, for example:

A screenshot of a software interface where "化学工程" (Chemical Engineering) is typed into the "类别名称" (Category Name) field and "huaxue" is typed into the "类别缩写名" (Category Abbreviation Name) field, with a red arrow pointing to the abbreviation field. (由 AI 生成标题)
A screenshot of a software interface where "化学工程" (Chemical Engineering) is typed into the "类别名称" (Category Name) field and "huaxue" is typed into the "类别缩写名" (Category Abbreviation Name) field, with a red arrow pointing to the abbreviation field. (由 AI 生成标题)868×251 12.8 KB