Open lanrion opened 10 years ago
Yep having same issue here.
Started GET "/auth/doorkeeper/callback?code=xxxxxxxxxxxxxxxxxxxxxxx" for xx.xxx.xx.xxx at 2014-07-22 17:45:15 +0000
Started GET "/auth/failure?message=csrf_detected&strategy=doorkeeper" for xx.xxx.xx.xxx at 2014-07-22 17:45:15 +0000
Processing by Users::OmniauthCallbacksController#failure as HTML
Parameters: {"message"=>"csrf_detected", "strategy"=>"doorkeeper"}
Having the same issue too. Any solution?
I have just created 2 apps from scratch following the readme, one with doorkeeper as sso server, the other from the current version of discourse on github and had no issue (except for the doorkeeper_for error which is now fixed on the readme).
I am thinking your issues depend on your specific app configuration. Can you provide further details?
This issue is caused by the default csrf detection for content type text/javascript. I solved this by skipping verify_authenticity_token on devise registration controller:
diff --git a/app/controllers/registrations_controller.rb b/app/controllers/registrations_controller.rb
index caa9030..64edfa7 100644
--- a/app/controllers/registrations_controller.rb
+++ b/app/controllers/registrations_controller.rb
@@ -1,3 +1,4 @@
class RegistrationsController < Devise::RegistrationsController
respond_to :html, :js
+ skip_before_filter :verify_authenticity_token, :if => Proc.new { |c| puts c.request.format; c.request.format == 'text/javascript' }
end
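Review bot: The added skip_before_filter line turns off verify_authenticity_token for every action of RegistrationsController whenever the request format is text/javascript, so any JS-format request to sign-up, update or delete is accepted without a CSRF token. Consider keeping the filter and having the JS client send the token (for example in the X-CSRF-Token header), or at least narrowing the skip with :only to the single action that needs it. The Proc also contains a leftover debug call, puts c.request.format, which prints on every request and should be removed before merging.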
Hi, I came across an issue:
localhost:4000 is the oauth2 provider, a new project, rails 4.1.4. Discourse runs on port 3000, the master branch.
When I click the "Authorize" button, it raises the exception:
Thanks.