@@ -150,11 +150,14 @@ module OpenIdAuthentication def open_id_redirect_url(open_id_request, return_to = nil, method = nil) open_id_request.return_to_args['_method'] = (method || request.method).to_s open_id_request.return_to_args['open_id_complete'] = '1' + if (method || request.method).to_s != 'get' + open_id_request.return_to_args[request_forgery_protection_token.to_s] = form_authenticity_token + end open_id_request.redirect_url(root_url, return_to || requested_url) end def requested_url - "#{request.protocol + request.host_with_port + self.class.relative_url_root.to_s + request.path}" + "#{request.protocol + request.host_with_port + request.relative_url_root.to_s + request.path}" end def timeout_protection_from_identity_server lib/open_id_authentication.rb 3382bc49d6c1e6448f67c54e8c2ab059a051a155 Brian Landau brianjlandau@gmail.com http://github.com/brianjlandau/open_id_authentication/commit/eba671dcd3538b823d3d45702dbd4779e9c51dcc eba671dcd3538b823d3d45702dbd4779e9c51dcc 2008-08-26T07:14:14-07:00 2008-08-26T07:14:14-07:00 Fix to make "relative_url_root" method be called correctly. Fix for when we want a non-get response back from the OpenID server and need an authenticity token. ac9003912f8e8593efc4661e670abee139642341 Brian Landau brianjlandau@gmail.com