Open isaichenko opened 7 months ago
despite doing all the above I'm getting this error in production: ERROR -- omniauth: (apple) Authentication failure! csrf_detected: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected
I had previously made it work with slightly different code in config/application.rb
so my code doesnt have the /users/... part before as my callback url is configured differently..
config.action_dispatch.cookies_same_site_protection = lambda { |request|
if request.path.starts_with?("/auth/apple")
:none
elsif request.path == '/users/auth/apple'
:none
else
:lax
end
}
For rails 7.1.3
In
config/application.rb
:config.action_dispatch.cookies_same_site_protection = lambda { |request|
request.path == '/users/auth/apple' ? :none : :lax
}
In
controllers/application_controller.rb
:def verified_request?
controller_name == 'omniauth_callbacks' || super
end
In
config/environments/production.rb
:config.assume_ssl = true
config.force_ssl = true
Without these settings the gem did not work for me. Hope this helps others.