nhosoya / omniauth-apple

OmniAuth strategy for Sign In with Apple
MIT License
260 stars 99 forks

Fix omniauth-apple compatibility with OAuth2 ... maybe #95

Closed bradgessler closed 1 year ago

bradgessler commented 1 year ago

Addresses the issues from https://github.com/nhosoya/omniauth-apple/issues/64, which I barely understand. I took the callback phase from https://github.com/discourse/discourse-apple-auth/blob/40ef076fa744d562ce54f3f30921a1b387e042fb/lib/omniauth_apple.rb#L60-L72, dropped it into a branch, and it worked without issue.

I can't speak for the security of this, though. Could somebody else smarter than myself chime in about it?

nov commented 1 year ago

Handle POST request as POST, by skipping CSRF detection and SameSite=none cookies etc. No redirect to GET.

bradgessler commented 1 year ago

I don't follow, could you elaborate?

Installing the gem from master doesn't work, so I consider this integration broken until either this or what you describe is implemented into the gem.