You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The changes the default method of the :developer strategy to GET.
It does this by allowing OmniAuth::Form to accept a `:method` option,
which is optional and defaults to 'post', the current behavior.
Because the default behavior remains unchanged, I don't expect this to
introduct any breaking changes.
This allows the developer strategy to work with the directions provided
in the README. Further, it seems that the default action of most
stratigies is to use GET for their callbacks.
Fixesomniauth#1087Fixesomniauth#1061Fixesomniauth#957
Please complete all sections.
Configuration
omniauth-developer
3.1.2
Flame
Arch Linux
Expected Behavior
OmniAuth-Developer form contains CSRF param and passes it to
/auth/developer/callback
.Actual Behavior
I see no
_csrf
param, even when completed setup instructions for compatibility.Steps to Reproduce
Additional info
I've tried
allow_if
block from #1074, but it seems never called.The form to authenticate:
The form from the OmniAuth-Developer provider:
Without
_csrf
param (hidden?) the/callback
will be rejected (byRack::Csrf
middleware).The text was updated successfully, but these errors were encountered: