From 24fa49af9654c0e7af889f5850f519289658b523 Mon Sep 17 00:00:00 2001 From: Dries Vints Date: Fri, 5 Mar 2021 11:34:44 +0100 Subject: [PATCH 1/2] Allow relative urls for redirect --- resources/views/payment.blade.php | 2 +- src/Http/Controllers/PaymentController.php | 4 ++-- src/Http/Middleware/VerifyRedirectUrl.php | 2 +- tests/Unit/VerifyRedirectUrlTest.php | 12 ++++++------ 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/resources/views/payment.blade.php b/resources/views/payment.blade.php index 308ad99e..b1cb9b8a 100644 --- a/resources/views/payment.blade.php +++ b/resources/views/payment.blade.php @@ -108,7 +108,7 @@ class="inline-block w-full px-4 py-3 mb-4 text-white rounded-lg hover:bg-blue-50 @endif - diff --git a/src/Http/Controllers/PaymentController.php b/src/Http/Controllers/PaymentController.php index 108454ae..f1d974c4 100644 --- a/src/Http/Controllers/PaymentController.php +++ b/src/Http/Controllers/PaymentController.php @@ -24,7 +24,7 @@ public function __construct() * Display the form to gather additional payment verification for the given payment. * * @param string $id - * @return \Illuminate\View\View + * @return \Illuminate\Contracts\View\View */ public function show($id) { @@ -33,7 +33,7 @@ public function show($id) 'payment' => new Payment( StripePaymentIntent::retrieve($id, Cashier::stripeOptions()) ), - 'redirect' => request('redirect'), + 'redirect' => url(request('redirect', '/')), ]); } } diff --git a/src/Http/Middleware/VerifyRedirectUrl.php b/src/Http/Middleware/VerifyRedirectUrl.php index 23cf6312..5fec6dd4 100644 --- a/src/Http/Middleware/VerifyRedirectUrl.php +++ b/src/Http/Middleware/VerifyRedirectUrl.php @@ -22,7 +22,7 @@ public function handle($request, Closure $next) $url = parse_url($redirect); - if ($redirect && (! isset($url['host']) || $url['host'] !== $request->getHost())) { + if (isset($url['host']) && $url['host'] !== $request->getHost()) { throw new AccessDeniedHttpException('Redirect host mismatch.'); } 
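Review bot: In `VerifyRedirectUrl::handle`, the relaxed condition `isset($url['host']) && $url['host'] !== $request->getHost()` accepts every redirect value for which `parse_url()` reports no host, not only relative paths. That includes a `false` return on malformed input and values that carry a scheme but no host. The `PaymentController::show` hunk then passes the value to `url()`, which as far as I know returns already-valid URLs unchanged, so this middleware appears to be the only check before the value reaches the view. I would keep the host comparison and add a guard that limits host-less values to local paths, e.g. `if ($url === false || (! isset($url['host']) && (isset($url['scheme']) || strpos($redirect, '/') !== 0))) { throw new AccessDeniedHttpException('Redirect must be a local path.'); }`. This assumes the empty-redirect case returns earlier in `handle`, which begins outside the hunk.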
diff --git a/tests/Unit/VerifyRedirectUrlTest.php b/tests/Unit/VerifyRedirectUrlTest.php index a7a953f7..a339cce8 100644 --- a/tests/Unit/VerifyRedirectUrlTest.php +++ b/tests/Unit/VerifyRedirectUrlTest.php @@ -33,16 +33,16 @@ public function test_it_fails_on_host_mismatch() }); } - public function test_it_fails_when_the_url_is_invalid() + public function test_it_passes_for_relative_urls() { - $request = Request::create('http://baz.com/stripe/payment', 'GET', ['redirect' => 'foo/bar']); + $request = Request::create('http://baz.com/stripe/payment', 'GET', ['redirect' => '/foo/bar']); $middleware = new VerifyRedirectUrl; - $this->expectException(AccessDeniedHttpException::class); - - $middleware->handle($request, function () { - // + $response = $middleware->handle($request, function () { + return 'Hello World!'; }); + + $this->assertSame('Hello World!', $response); } public function test_it_is_skipped_when_no_redirect_is_present() From 65e4ff66b4e7a37c6517e7dc1cbc68587f88236f Mon Sep 17 00:00:00 2001 From: Dries Vints Date: Fri, 5 Mar 2021 11:44:09 +0100 Subject: [PATCH 2/2] Use ubuntu-18.04 --- .github/workflows/tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index e25363b1..795837b5 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -9,7 +9,7 @@ on: jobs: tests: - runs-on: ubuntu-latest + runs-on: ubuntu-18.04 strategy: fail-fast: true matrix:
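Review bot: Replacing `test_it_fails_when_the_url_is_invalid` with `test_it_passes_for_relative_urls` removes the only test that expected a host-less redirect to be rejected, so nothing visible here pins what the middleware must still refuse. Alongside the new passing case, I would add negative tests asserting `AccessDeniedHttpException` for a redirect that has a scheme but no host and for one that `parse_url()` cannot parse. The old input `foo/bar` also deserves an explicit decision: after this change it would be accepted, yet the new test only covers the leading-slash form `/foo/bar`. A short comment on the new test, such as `// Only same-origin paths are allowed without a host.`, would record the intent.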