Skip to content
Permalink
Browse files Browse the repository at this point in the history
fix: accidental unnecessarily strict conditional that effectively ren…
…dered SSO state checking opt-in instead of opt-out
  • Loading branch information
julianlam committed Jun 14, 2021
1 parent 520050d commit a2400f6
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/routes/authentication.js
Expand Up @@ -104,7 +104,7 @@ Auth.reloadRoutes = async function (params) {
prompt: strategy.prompt || undefined,
};

if (strategy.checkState) {
if (strategy.checkState !== false) {
req.session.ssoState = req.csrfToken && req.csrfToken();
opts.state = req.session.ssoState;
}
Expand Down

0 comments on commit a2400f6

Please sign in to comment.