Add allow_other_host in redirects which may go outside app (#24252)

app/controllers/api/v1/streaming_controller.rb

@@ -5,7 +5,7 @@ class Api::V1::StreamingController < Api::BaseController
     if Rails.configuration.x.streaming_api_base_url == request.host
       not_found
     else
-      redirect_to streaming_api_url, status: 301
+      redirect_to streaming_api_url, status: 301, allow_other_host: true
     end
   end
 

app/controllers/media_proxy_controller.rb

@@ -23,7 +23,7 @@ class MediaProxyController < ApplicationController
       redownload! if @media_attachment.needs_redownload? && !reject_media?
     end
 
-    redirect_to full_asset_url(@media_attachment.file.url(version))
+    redirect_to full_asset_url(@media_attachment.file.url(version)), allow_other_host: true
   end
 
   private

app/controllers/statuses_controller.rb

@@ -70,6 +70,6 @@ class StatusesController < ApplicationController
   end
 
   def redirect_to_original
-    redirect_to ActivityPub::TagManager.instance.url_for(@status.reblog) if @status.reblog?
+    redirect_to(ActivityPub::TagManager.instance.url_for(@status.reblog), allow_other_host: true) if @status.reblog?
   end
 end