diff --git a/actionpack/lib/action_controller/metal/redirecting.rb b/actionpack/lib/action_controller/metal/redirecting.rb
index 0355c9f458..7d14b175cc 100644
--- a/actionpack/lib/action_controller/metal/redirecting.rb
+++ b/actionpack/lib/action_controller/metal/redirecting.rb
@@ -18,7 +18,7 @@ module ActionController
#
# * Hash - The URL will be generated by calling url_for with the +options+.
# * Record - The URL will be generated by calling url_for with the +options+, which will reference a named URL for that record.
- # * String starting with protocol:// (like http://) - Is passed straight through as the target for redirection.
+ # * String starting with protocol:// (like http://) or a protocol relative reference (like //) - Is passed straight through as the target for redirection.
# * String not containing a protocol - The current protocol and host is prepended to the string.
# * Proc - A block that will be executed in the controller's context. Should return any option accepted by +redirect_to+.
# * :back - Back to the page that issued the request. Useful for forms that are triggered from multiple places.
@@ -81,7 +81,7 @@ module ActionController
# The scheme name consist of a letter followed by any combination of
# letters, digits, and the plus ("+"), period ("."), or hyphen ("-")
# characters; and is terminated by a colon (":").
- when %r{^\w[\w+.-]*:.*}
+ when %r{^(\w[\w+.-]*:|\/\/).*}
options
when String
request.protocol + request.host_with_port + options
diff --git a/actionpack/test/controller/redirect_test.rb b/actionpack/test/controller/redirect_test.rb
index 79041055bd..5b739e49ac 100644
--- a/actionpack/test/controller/redirect_test.rb
+++ b/actionpack/test/controller/redirect_test.rb
@@ -70,6 +70,10 @@ class RedirectController < ActionController::Base
redirect_to "x-test+scheme.complex:redirect"
end
+ def redirect_to_url_with_network_path_reference
+ redirect_to "//www.rubyonrails.org/"
+ end
+
def redirect_to_back
redirect_to :back
end
@@ -216,6 +220,12 @@ class RedirectTest < ActionController::TestCase
assert_equal "x-test+scheme.complex:redirect", redirect_to_url
end
+ def test_redirect_to_url_with_network_path_reference
+ get :redirect_to_url_with_network_path_reference
+ assert_response :redirect
+ assert_equal "//www.rubyonrails.org/", redirect_to_url
+ end
+
def test_redirect_to_back
@request.env["HTTP_REFERER"] = "http://www.example.com/coming/from"
get :redirect_to_back