FIX: do not follow redirect on same host with path /login or /session

FIX: do not follow redirect on same host with path /login or /session

diff --git a/lib/final_destination.rb b/lib/final_destination.rb
index 1278e99..31e99ff 100644
--- a/lib/final_destination.rb
+++ b/lib/final_destination.rb
@@ -229,10 +229,16 @@ class FinalDestination
     end
 
     if location
+      redirect_uri = uri(location)
+      if @uri.host == redirect_uri.host && (redirect_uri.path =~ /\/login/ || redirect_uri.path =~ /\/session/)
+        @status = :resolved
+        return @uri
+      end
+
       old_port = @uri.port
       location = "#{location}##{@uri.fragment}" if @preserve_fragment_url && @uri.fragment.present?
       location = "#{@uri.scheme}://#{@uri.host}#{location}" if location[0] == "/"
-      @uri = uri(location)
+      @uri = redirect_uri
       @limit -= 1
 
       # https redirect, so just cache that whole new domain is https
diff --git a/spec/components/final_destination_spec.rb b/spec/components/final_destination_spec.rb
index 0e0c485..33f7bf1 100644
--- a/spec/components/final_destination_spec.rb
+++ b/spec/components/final_destination_spec.rb
@@ -153,6 +153,19 @@ describe FinalDestination do
       end
     end
 
+    context "with a redirect to login path" do
+      before do
+        redirect_response("https://eviltrout.com/t/xyz/1", "https://eviltrout.com/login")
+      end
+
+      it "does not follow redirect" do
+        final = FinalDestination.new('https://eviltrout.com/t/xyz/1', opts)
+        expect(final.resolve.to_s).to eq('https://eviltrout.com/t/xyz/1')
+        expect(final.redirected?).to eq(false)
+        expect(final.status).to eq(:resolved)
+      end
+    end
+
     context "GET can be forced" do
       before do
         stub_request(:head, 'https://force.get.com/posts?page=4')

GitHub sha: b0e781e2

This commit has been mentioned on Discourse Meta. There might be relevant details there: