You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
/auth/identity/callback is called using HTTP GET and this has a major downside, since the path is saved in browser history with cleartext password and auth_key.
The text was updated successfully, but these errors were encountered:
Replacing omniauth-identity with hand-made authentication was a matter of half an hour and few lines of code. Now i don't have any autogenerated forms, GET callbacks with plaintext password, extra dependencies.
The requests are made upstream by the core omniauth gem. I think you may be referring to the open CVE on omniauth, which requires app-level modifications to resolve.
In any case, this gem doesn't make requests, omniauth does. Closing.
/auth/identity/callback is called using HTTP GET and this has a major downside, since the path is saved in browser history with cleartext password and auth_key.
The text was updated successfully, but these errors were encountered: