yuuta040208
commented
3 years ago I have downgraded to version 1.9.1. It works.
gem 'omniauth', '1.9.1'Closed atmos closed 3 years ago
yuuta040208
commented
3 years ago I have downgraded to version 1.9.1. It works.
gem 'omniauth', '1.9.1'
schimpf
commented
3 years ago I had to add this to the initializer to get it working:
OmniAuth.config.allowed_request_methods = %i[get]
yuuta040208
commented
3 years ago I had to add this to the initializer to get it working:
OmniAuth.config.allowed_request_methods = %i[get]
It also worked in the latest version. Thank you!
schimpf
commented
3 years ago After reading the warnings in the log about the csrf attacks I have changed the allowed request method do post and installed the omniauth-rails_csrf_protection gem and then used the button_to method to link to /auth/:provider. Works fine and its closed to csrf attacks.
In the omniauth initializer:
OmniAuth.config.allowed_request_methods = %i[post]
Gemfile
gem "omniauth-rails_csrf_protection"
atmos
commented
3 years ago I'm always a huge fan of better security. Thanks for the great replies on this!
I recently upgraded to rails 6.1 and it no longer identifies the
/auth/google_oauth2path. Any ideas?