How can I block Omniauth GET requests?
93 ملاحظات
پہلے نہ پڑھے ہوئے پیغام پر جائیں
ev...@codecademy.com
20 جنوری، 2017، 11:52:19 AM20/1/17
بنام Devise
I'm using Devise with Omniauth. It doesn't seem possible to restrict the initial user auth requests to only GET's or only POST's. Is it? (My goal is to block GET requests so that only CSRF-tokened posts get through.
Currently I'm testing manually adding the routes with GET requests, but I'm getting 404's.
my routes.rb:
devise_for :users, only: '', controllers: { omniauth_callbacks: 'users/omniauth_callbacks' } as :user do # only handle GET get 'users/auth/:provider', to: 'users/omniauth_callbacks#passthru', as: :user_omniauth_authorize end
I'm getting this in my rails logs:
Started GET "/users/auth/facebook" for 127.0.0.1 at 2017-01-19 19:18:56 -0500
Processing by Users::OmniauthCallbacksController#passthru as HTML
Parameters: {"provider"=>"facebook"}
Rendering 404: Not Foundev...@codecademy.com
20 جنوری، 2017، 11:53:16 AM20/1/17
بنام Devise
Devise: 3.5.2
Omniauth: 1.2.1
سبھی کو جواب دیں
مصنف کو جواب دیں
فارورڈ کریں
0 نئے پیغامات