Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Loading…

add note about protect_from_forgery in README #55

Merged
merged 1 commit into from

2 participants

@oelmekki

Hello,

I added a quick note about protect_from_forgery in the README. I found that quite tricky since logs said a GET was issued on my UserSessionsController#create action (which is quite insane since its route was limited to POST).

Maybe it will save headaches for users if you drop a line about that.

@lancejpollard lancejpollard merged commit 6cd0252 into lancejpollard:master
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Jun 3, 2011
  1. @oelmekki
This page is out of date. Refresh to see the latest.
Showing with 3 additions and 1 deletion.
  1. +3 −1 README.markdown
View
4 README.markdown
@@ -114,6 +114,8 @@ Because of the redirects involved in Oauth and OpenID, you MUST pass a block to
end
If you don't use the block, we will get a DoubleRender error. We need the block to jump out of the rendering while redirecting.
+
+Also, be sure to skip protect_from_forgery for actions using this. Even if logs say a GET request is issued, a POST route will need to bypass forgery protection in order to yield a result to the #save block when back from auth provider.
### 7. Add Parameters to Forms in your Views
@@ -231,4 +233,4 @@ Feel free to add to the wiki if you figure things out or make new distinctions.
### Todo
-- Add [Andrew Cove's](http://github.com/andrewacove) idea of a "Merge Code". So if user creates Facebook account logs out, and create Twitter account, a code they can use to pass to facebook account so it knows it's associated with Twitter.
+- Add [Andrew Cove's](http://github.com/andrewacove) idea of a "Merge Code". So if user creates Facebook account logs out, and create Twitter account, a code they can use to pass to facebook account so it knows it's associated with Twitter.
Something went wrong with that request. Please try again.