If you're not familiar with how the `Referer` header works, you likely
won't understand why you need to provide a fallback or under what
circumstances it would be used.

Hopefully this clarifies things a bit.

Applications that use `redirect_to :back` can be forced to 500 by
clients that do not send the HTTP `Referer` (sic) header.
`redirect_back` requires the user to consider this possibility up front
and avoids this trivially-caused application error.

`redirect_to :back` is a somewhat common pattern in Rails apps, but it
is not completely safe. There are a number of circumstances where HTTP
referrer information is not available on the request. This happens often
with bot traffic and occasionally to user traffic depending on browser
security settings.

When there is no referrer available on the request, `redirect_to :back`
will raise `ActionController::RedirectBackError`, usually resulting in
an application error.

`redirect_back` takes a required `fallback_location` keyword argument
that specifies the redirect when the referrer information is not
available.  This prevents 500 errors caused by
`ActionController::RedirectBackError`.

Since all controller instances are required to have a request and
response object, RackDelegation is no longer needed (we always have to
delegate to the response)

Closes #16170

Without parenthesis, ruby assumes that curly braces denote the beginning
of a block.

The previous regex was allowing `_` in the URI scheme, which is not
allowed by RFC 3986. This change brings the regex in line with the RFC.

In some instances, `assert_redirected_to` assertion was returning an
incorrect and misleading failure message when the assertion failed.
This was due to a disconnect in how the assertion computes the redirect
string for the failure message and how `redirect_to` computes the
string that is actually used for redirection.

I made the `_compute_redirect_to_loaction` method used by `redirect_to`
public and call that from the method `assert_redirect_to` uses to
calculate the URL.

The reveals a new test failure due to the regex used by
`_compute_redirect_to_location` allow `_` in the URL scheme.

So, if there is redirect_to params[:q]
i can send ?q=javascript:asdf()%0A/localpath
Or something more nasty, so please use \A

This reverts commit 3fa00070.

Reason: This message is usually not accurate and annoying:

    Redirected by ~/.rbenv/versions/1.9.3-p327-perf/lib/ruby/1.9.1/logger.rb:371:in `add'`

* Avoid calling class_eval when not needed
* Remove helpers_path attr accessor, it's defined as a class attribute a
  few lines later
* Avoid creating extra arrays when finding helpers, use flat_map and sort!
* Remove not required refer variable when redirecting :back

IE since version 6 and recently Chrome and Firefox have started following
302 redirects from XHR requests other than GET/POST using the original request
method. This can lead to DELETE requests being redirected amongst other things.

Although it doesn't directly affect the Rails framework since it doesn't return
a 302 redirect to any non-GET/POST request a note has been added to raise
awareness of the issue. Some references:

Original article from @technoweenie:
http://techno-weenie.net/2011/8/19/ie9-deletes-stuff/

Hacker News discussion of the article:
http://news.ycombinator.com/item?id=2903493

WebKit bug report:
https://bugs.webkit.org/show_bug.cgi?id=46183

Firefox bug report and changeset:
https://bugzilla.mozilla.org/show_bug.cgi?id=598304
https://hg.mozilla.org/mozilla-central/rev/9525d7e2d20d

Chrome bug report:
http://code.google.com/p/chromium/issues/detail?id=56373

HTTPbis bug report and changeset:
http://trac.tools.ietf.org/wg/httpbis/trac/ticket/160
http://trac.tools.ietf.org/wg/httpbis/trac/changeset/1428

Roy T. Fielding's history of the issue:
http://ftp.ics.uci.edu/pub/ietf/http/hypermail/1997q3/0611.html

Automated browser tests for the issue:
http://www.mnot.net/javascript/xmlhttprequest/

Fixes #4144

add tests for stripping \r\n chars since that's already happening

Minor enhancement by not unnecessarely escaping forward slashing within a curly regexp and by mentoining the protocol relative scheme in the internal comment

Fix for redirect_to to respect urls with a network path reference like "//asset.host.com/resources/1235" see issue #3856

Signed-off-by: NJosé Valim <jose.valim@gmail.com>

Booting a new Rails application does not work after this commit [#5359 state:open]

This reverts commit 38a421b3.

Signed-off-by: NJosé Valim <jose.valim@gmail.com>

Including UrlFor in Redirecting and Head will warn usefully if a controller is wired up without a router included (and still support redirect_to "omg")

Remove duplicated url_for code and move methods shared between ActionMailer and ActionController up to AbstractController.