Skip to content

Allow OmniAuthAuthenticityTokenProtection options to be configured#1027

Merged
BobbyMcWho merged 1 commit intoomniauth:masterfrom
jkowens:patch-1
Jan 16, 2021
Merged

Allow OmniAuthAuthenticityTokenProtection options to be configured#1027
BobbyMcWho merged 1 commit intoomniauth:masterfrom
jkowens:patch-1

Conversation

@jkowens
Copy link
Contributor

@jkowens jkowens commented Jan 16, 2021

This will be useful for disabling csrf protection in test suites or configuring the csrf key when the next version of rack-protection is released.

ie:

OmniAuth.config.request_validation_phase = OmniAuth::AuthenticityTokenProtection.new(allow_if: ->(env) { true })

or

OmniAuth.config.request_validation_phase = OmniAuth::AuthenticityTokenProtection.new(key: :_csrf_token)

@jkowens
Allow OmniAuthAuthenticityTokenProtection options to be configured
52fea4e 
This will be useful for disabling csrf protection in test suites or
configuring the csrf key when the next version of rack-protection is
released.
@jkowens jkowens changed the title Allow OmniAuthAuthenticityTokenProtection options to be customized Allow OmniAuthAuthenticityTokenProtection options to be configured Jan 16, 2021
@BobbyMcWho
Copy link
Member

BobbyMcWho commented Jan 16, 2021

Thanks @jkowens, I had been turning it off in test suites by setting OmniAuth.config.request_validation_phase = nil or OmniAuth.config.request_validation_phase = proc {}, but this makes sense to have as well. Going to release it in a patch version release since it honestly should have been present in the 2.0.0 release if I hadn't overlooked it.

@BobbyMcWho BobbyMcWho merged commit b55ad4c into omniauth:master Jan 16, 2021
@jkowens
Copy link
Contributor Author

jkowens commented Jan 16, 2021

Cool, I didn't think of those options! Thanks for the quick release 💯

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@BobbyMcWho BobbyMcWho BobbyMcWho approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jkowens @BobbyMcWho