ActionController::Redirecting::UnsafeRedirectError when user is not logged in and tries to go to /account/digitizations_request

[sandbergja]

Expected behavior

When a user who has not yet logged in goes to /account/digitizations_request, it takes them to CAS, Duo, and then to the digitizations request page.

Actual behavior

It takes them to CAS, Duo, and then the "Something went wrong" page.

Steps to replicate

1. Log out of the catalog
2. Go to https://catalog.princeton.edu/account/digitization_requests
3. Press the "Login with Netid" button
4. Log in to CAS
5. Approve the Duo if necessary
6. Note that you get the "Something went wrong"

Impact of this bug

Users wil think the site is broken, and can't access the digitization requests.

Honeybadger link and code snippet, if applicable

Honeybadger link

ActionController::Redirecting::UnsafeRedirectError: Unsafe redirect to "https://api-dc8397fa.duosecurity.com/", pass allow_other_host: true to redirect anyway.

[kevinreiss]

Do we wish to retain this view in OL? We could consider just sending folks to their illiad account which is where digitization requests go (except for ReCAP ones). In general the account experience for users in OL is quite fractured and inconsistent given that we have BL related features like bookmarks, saved searches but the actual inventory related features are off-loading to Alma's account page or ILLiad. This page is a vestige of a feature set where we could do both of these in a single view in the application. If our ultimate UX goal is to get back to that, then we could consider a re-vamp of this whole feature set. For now though I wonder if this view does more harm than good and perhaps just sending you to illiad would be adequete.

[christinach]

@kevinreiss will create a new ticket to support #4322 (comment)
and close this ticket