From c1a412731248ad925d86de50147b2b8ffb8c64ef Mon Sep 17 00:00:00 2001
From: Sam Pohlenz <sam@sampohlenz.com>
Date: Wed, 23 Oct 2024 17:10:02 +1030
Subject: [PATCH] Fix resource deletion when Referer header is absent

---
 .../trestle/resource/controller/actions.rb        |  9 ++++++---
 spec/integration/resource_controller_spec.rb      | 15 +++++++++++++++
 2 files changed, 21 insertions(+), 3 deletions(-)
 create mode 100644 spec/integration/resource_controller_spec.rb

diff --git a/app/controllers/concerns/trestle/resource/controller/actions.rb b/app/controllers/concerns/trestle/resource/controller/actions.rb
index f66e97a3..31b65f74 100644
--- a/app/controllers/concerns/trestle/resource/controller/actions.rb
+++ b/app/controllers/concerns/trestle/resource/controller/actions.rb
@@ -108,14 +108,12 @@ def update
         end
 
         def destroy
-          deleting_referer = URI(request.referer).path == admin.instance_path(instance)
-
           if delete_instance
             respond_to do |format|
               flash[:message] = flash_message("destroy.success", title: "Success!", message: "The %{lowercase_model_name} was successfully deleted.")
 
               format.html { redirect_to_return_location(:destroy, instance, status: :see_other) { admin.path(:index) } }
-              format.turbo_stream { flash.discard } unless deleting_referer
+              format.turbo_stream { flash.discard } unless referer_is_instance_path?
               format.json { head :no_content }
 
               yield format if block_given?
@@ -138,6 +136,11 @@ def destroy
             end
           end
         end
+
+      private
+        def referer_is_instance_path?
+          request.referer && URI(request.referer).path == admin.instance_path(instance)
+        end
       end
     end
   end
diff --git a/spec/integration/resource_controller_spec.rb b/spec/integration/resource_controller_spec.rb
new file mode 100644
index 00000000..8ecf216e
--- /dev/null
+++ b/spec/integration/resource_controller_spec.rb
@@ -0,0 +1,15 @@
+require 'spec_helper'
+
+describe Trestle::ResourceController, type: :request do
+  include FeatureHelper
+
+  let(:resource) { PostsAdmin }
+
+  describe "delete record without referer" do
+    let(:post) { create_test_post }
+
+    it "does not raise an exception" do
+      delete resource.instance_path(post)
+    end
+  end
+end