Permalink
Browse files

ADD note about protect_from_forgery in README

  • Loading branch information...
1 parent f48bedd commit 6cd025254cb95a13138d518d522a4e86d2d29f6b @oelmekki oelmekki committed Jun 3, 2011
Showing with 3 additions and 1 deletion.
  1. +3 −1 README.markdown
View
@@ -114,6 +114,8 @@ Because of the redirects involved in Oauth and OpenID, you MUST pass a block to
end
If you don't use the block, we will get a DoubleRender error. We need the block to jump out of the rendering while redirecting.
+
+Also, be sure to skip protect_from_forgery for actions using this. Even if logs say a GET request is issued, a POST route will need to bypass forgery protection in order to yield a result to the #save block when back from auth provider.
### 7. Add Parameters to Forms in your Views
@@ -231,4 +233,4 @@ Feel free to add to the wiki if you figure things out or make new distinctions.
### Todo
-- Add [Andrew Cove's](http://github.com/andrewacove) idea of a "Merge Code". So if user creates Facebook account logs out, and create Twitter account, a code they can use to pass to facebook account so it knows it's associated with Twitter.
+- Add [Andrew Cove's](http://github.com/andrewacove) idea of a "Merge Code". So if user creates Facebook account logs out, and create Twitter account, a code they can use to pass to facebook account so it knows it's associated with Twitter.

0 comments on commit 6cd0252

Please sign in to comment.