simi / omniauth-facebook

Facebook OAuth2 Strategy for OmniAuth
https://simi.github.io/omniauth-facebook/
1.26k stars 403 forks source link

CORB issue on Chrome #313

Closed Dvelezs94 closed 5 years ago

Dvelezs94 commented 5 years ago

Hello, I am having an issue when trying to authenticate with facebook on chrome.

It turns out Chrome recently added a new Security feature called Cross-Origin Read Blocking (CORB). and because of that the calls i make from my website to facebook (the login button) are not being made.

I read that this has to be fixed on the server side but I honestly do not know how. Does anyone have an idea for this?

This is the error im getting by the way

Cross-Origin Read Blocking (CORB) blocked cross-origin response https://www.facebook.com/v2.10/dialog/oauth?client_id=xxxxxxxxxx&redirect_uri=https%3A%2F%2Fdev.domain.com%2Fauth%2Ffacebook%2Fcallback&response_type=code&scope=email&state=edf1e1b13672ee85a90d5986c0abb939d2000xxxxxxx with MIME type text/html. See https://www.chromestatus.com/feature/5629709824032768 for more details.

Thanks in advance.

Correction: The call is being made but because of CORB, the content is overriten as an empty response

Dvelezs94 commented 5 years ago

WOW i finally fixed it by using POST instead of GET in the view.

Before link_to "Continue with facebook", user_facebook_omniauth_authorize_path

After link_to "Continue with facebook", user_facebook_omniauth_authorize_path, method: :post

simi commented 5 years ago

Thanks @Dvelezs94 for posting your solution!