Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add note about protect_from_forgery in README #55

Merged
merged 1 commit into from Sep 2, 2011
Merged

add note about protect_from_forgery in README #55

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
4 changes: 3 additions & 1 deletion README.markdown
View file
Open in desktop
Expand Up @@ -114,6 +114,8 @@ Because of the redirects involved in Oauth and OpenID, you MUST pass a block to
end

If you don't use the block, we will get a DoubleRender error. We need the block to jump out of the rendering while redirecting.

Also, be sure to skip protect_from_forgery for actions using this. Even if logs say a GET request is issued, a POST route will need to bypass forgery protection in order to yield a result to the #save block when back from auth provider.

### 7. Add Parameters to Forms in your Views

Expand Down Expand Up @@ -231,4 +233,4 @@ Feel free to add to the wiki if you figure things out or make new distinctions.

### Todo

- Add [Andrew Cove's](http://github.com/andrewacove) idea of a "Merge Code". So if user creates Facebook account logs out, and create Twitter account, a code they can use to pass to facebook account so it knows it's associated with Twitter.
- Add [Andrew Cove's](http://github.com/andrewacove) idea of a "Merge Code". So if user creates Facebook account logs out, and create Twitter account, a code they can use to pass to facebook account so it knows it's associated with Twitter.