strategy.rb#request_call : why the need for request.env['omniauth.origin'] & request.env['omniauth.params']['origin'] ?

44 views

Skip to first unread message

Sascha Kästle

unread,

Mar 31, 2015, 1:12:02 PM3/31/15

to omni...@googlegroups.com

Hello there!

Some context: I'm currently digging into an issue we have with one of our apps, that'll crash with an `ActionDispatch::Cookies::CookieOverflow` because the origin url that is passed into is way too long:

http://localhost:3000/auth/provider?origin=<way too long URL>

Now during my investigation I saw that the origin is marshalled twice into the cookie: once under cookie['omniauth.params']['origin'] and once under cookie['omniauth.origin']

https://github.com/intridea/omniauth/blob/master/lib/omniauth/strategy.rb#L197

I was just wondering: What is the usecase of having the origin twice in the cookie?

Any and all insights would be helpful!

Sascha

Reply all

Reply to author

Forward

0 new messages