nocebo/diaspora
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
diaspora/app/controllers
History
Steven Hancock fc4b8d2af0 Skip CSRF token for OmniAuth callbacks (prevents session reset) 
OmniAuth callbacks need to accept a raw POST from the auth provider without
verifying the CSRF token, otherwise the session will be reset.

See intridea/omniauth#203
See also http://www.communityguides.eu/articles/16

(This technique will also be needed for API endpoints when the time comes)
2012-03-29 18:51:54 -07:00
..
activity_streams
admins_controller.rb
apis_controller.rb
application_controller.rb
apps_controller.rb
aspect_memberships_controller.rb
aspects_controller.rb
authorizations_controller.rb
blocks_controller.rb
comments_controller.rb
contacts_controller.rb
conversation_visibilities_controller.rb
conversations_controller.rb
home_controller.rb
invitation_codes_controller.rb
invitations_controller.rb
likes_controller.rb
messages_controller.rb
notifications_controller.rb
participations_controller.rb
people_controller.rb
photos_controller.rb
posts_controller.rb
profiles_controller.rb
publics_controller.rb
registrations_controller.rb
reshares_controller.rb
services_controller.rb Skip CSRF token for OmniAuth callbacks (prevents session reset) 2012-03-29 18:51:54 -07:00
sessions_controller.rb
share_visibilities_controller.rb
status_messages_controller.rb
streams_controller.rb
tag_followings_controller.rb
tags_controller.rb
tokens_controller.rb
users_controller.rb