Fix omniauth (SAML/CAS) sign-in routes not having CSRF protection (#15228)

2020-11-28 05:17:53 +01:00
parent 13206fcfb8
commit 13b07b88f1
3 changed files with 6 additions and 2 deletions
--- a/app/views/auth/sessions/new.html.haml
+++ b/app/views/auth/sessions/new.html.haml
@ -22,7 +22,6 @@

    .actions
      - resource_class.omniauth_providers.each do |provider|
-        = link_to omniauth_authorize_path(resource_name, provider), class: "button button-#{provider}" do
-          = t("auth.providers.#{provider}", default: provider.to_s.chomp("_oauth2").capitalize)
+        = link_to t("auth.providers.#{provider}", default: provider.to_s.chomp("_oauth2").capitalize), omniauth_authorize_path(resource_name, provider), class: "button button-#{provider}", method: :post

 .form-footer= render 'auth/shared/links'