diff --git a/CHANGELOG.md b/CHANGELOG.md
index e9e56ac5..ddf8d852 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,8 @@ # Changelog ## HEAD +* Allow open redirect for Rails 7.0 in #redirect_back_or_to method [#351](https://github.com/Sorcery/sorcery/pull/351) + ## 0.17.0 * Fix Rails 7.1 compatibility by using `ActiveRecord.timestamped_migrations` [#352](https://github.com/Sorcery/sorcery/pull/352)
diff --git a/lib/sorcery/controller.rb b/lib/sorcery/controller.rb
index f6cda708..712cfa4c 100644
--- a/lib/sorcery/controller.rb
+++ b/lib/sorcery/controller.rb
@@ -98,7 +98,7 @@ def current_user=(user)
 # used when a user tries to access a page while logged out, is asked to login,
 # and we want to return him back to the page he originally wanted.
 def redirect_back_or_to(url, flash_hash = {})
- redirect_to(session[:return_to_url] || url, flash: flash_hash)
+ redirect_to(session[:return_to_url] || url, flash: flash_hash, allow_other_host: true)
 session[:return_to_url] = nil
 end
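Review bot: Passing `allow_other_host: true` on the new `redirect_to` line switches off Rails 7.0's open-redirect check for `session[:return_to_url]` as well as for the caller-supplied `url`, and the stored value is the one likely to be attacker-influenced if it is captured from the incoming request (how it is populated is not visible in this hunk). Only the caller-supplied `url` has a legitimate reason to cross hosts; the stored return URL should be honored only when it is a local path or points at `request.host`, falling back to `url` otherwise, so that a seeded `return_to_url` cannot send the user to an external site after login. On Rails 7.0+ `url_from(session[:return_to_url]) || url` performs that check, but because the `allow_other_host` keyword is simply ignored on older Rails a small version-independent helper keeps the behavior uniform across the versions the gem supports. The rewrite below keeps the method signature and the session reset unchanged and adds one private predicate.
```ruby
def redirect_back_or_to(url, flash_hash = {})
  stored = session[:return_to_url]
  # Honor the stored return URL only if it is a local path or on this host;
  # anything else (other host, protocol-relative, non-http scheme, malformed)
  # falls back to the caller-supplied url so the session value cannot become
  # an open redirect now that allow_other_host is enabled.
  target = safe_return_to?(stored) ? stored : url
  redirect_to(target, flash: flash_hash, allow_other_host: true)
  session[:return_to_url] = nil
end

# True when +candidate+ is a path on this application ("/foo", not "//evil")
# or an absolute URL whose host matches the current request's host.
def safe_return_to?(candidate)
  return false if candidate.blank?
  host = URI.parse(candidate.to_s).host
  return host == request.host unless host.nil?
  candidate.to_s.start_with?('/') && !candidate.to_s.start_with?('//')
rescue URI::Error, ArgumentError
  false
end
```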