Open spemmons opened 4 years ago
When 'protect_from_forgery' is in use, ActionController::InvalidAuthenticityToken is triggered when receiving a callback request from the SAML IdP.
The fix was to add the following to ApplicationController:
skip_forgery_protection if: :saml_callback_path? def saml_callback_path? request.fullpath == '/.../auth/saml/callback' end
This is fine, but what I would really like is an elegant way to add this to the appropriate Devise controller so with something like:
skip_forgery_protection only: '???' <-- where ??? is whatever the action method name is for the callback
Hey @spemmons, any luck resolving this issue?
Environment
Current behavior
When 'protect_from_forgery' is in use, ActionController::InvalidAuthenticityToken is triggered when receiving a callback request from the SAML IdP.
The fix was to add the following to ApplicationController:
Expected behavior
This is fine, but what I would really like is an elegant way to add this to the appropriate Devise controller so with something like: