demarches-normaliennes/config/initializers/omniauth.rb

# OmniAuth GET requests may be vulnerable to CSRF.
# Ensure that OmniAuth only uses POST requests.
# See https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284
OmniAuth.config.allowed_request_methods = [:post]
omniauth: protect against CSRF See https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284 2019-07-15 16:35:24 +02:00			`# OmniAuth GET requests may be vulnerable to CSRF.`
			`# Ensure that OmniAuth only uses POST requests.`
			`# See https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284`
			`OmniAuth.config.allowed_request_methods = [:post]`