Force openid callbacks to use GET to avoid CSRF validation issues

Tom Hughes 2011-10-19 20:34:06 +01:00
parent 546db82281
commit 07b834785f


@ -522,7 +522,7 @@ private
end
# Start the authentication
authenticate_with_open_id(openid_expand_url(openid_url), :required => required) do |result, identity_url, sreg, ax|
authenticate_with_open_id(openid_expand_url(openid_url), :method => :get, :required => required) do |result, identity_url, sreg, ax|
if result.successful?
# We need to use the openid url passed back from the OpenID provider
# rather than the one supplied by the user, as these can be different.
@ -570,7 +570,7 @@ private
def openid_verify(openid_url, user)
user.openid_url = openid_url
authenticate_with_open_id(openid_expand_url(openid_url)) do |result, identity_url|
authenticate_with_open_id(openid_expand_url(openid_url), :method => :get) do |result, identity_url|
if result.successful?
# We need to use the openid url passed back from the OpenID provider
# rather than the one supplied by the user, as these can be different.
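Review bot: Neither call site says why `:method => :get` is passed, so a later cleanup could drop it and bring back the CSRF validation failure on the provider's return. In both `authenticate_with_open_id` calls (the one taking `:required` and the one in `openid_verify`) I would add a comment such as `# Return via GET: the provider's POST back to us carries no authenticity token and fails CSRF validation`. Assuming the option controls how the provider's response reaches the return URL, the response parameters, including any sreg/ax attributes requested in the first call, now travel in the query string. It is worth confirming that they are filtered from request logs and that the action redirects once the result has been handled. Both blocks continue past the end of their hunks, so how the result is processed is not visible here.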