omniauth: protect against CSRF
See https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284
parent 329bfd5f4d
commit 76335511c8
4 changed files with 10 additions and 1 deletions
4
config/initializers/omniauth.rb
Normal file
|
@ -0,0 +1,4 @@
|
|||
# OmniAuth GET requests may be vulnerable to CSRF.
|
||||
# Ensure that OmniAuth only uses POST requests.
|
||||
# See https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284
|
||||
OmniAuth.config.allowed_request_methods = [:post]
|
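Review bot: Restricting `OmniAuth.config.allowed_request_methods` to `[:post]` only changes the HTTP verb; nothing in this initializer verifies an authenticity token on that POST, and a cross-site form can submit a POST as easily as a link can trigger a GET. Please confirm that one of the other changed files adds request-phase token validation (the linked wiki page covers this for Rails apps), and that every sign-in link pointing at `/auth/:provider` has been converted to a POST form that carries the CSRF token, since any remaining GET link will stop working once this setting is live. The comment above the setting could also state that token validation is required alongside it, so the initializer is not read as the complete fix.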