vbatts/mastodon
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Fix omniauth (SAML/CAS) sign-in routes not having CSRF protection (#15228)

Browse source
This commit is contained in:
Eugen Rochko 2020-11-28 05:17:53 +01:00 committed by GitHub
parent 13206fcfb8
commit 13b07b88f1
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 6 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
Gemfile.lock
View file

@ -375,6 +375,9 @@ GEM
addressable (~> 2.3)
nokogiri (~> 1.5)
omniauth (~> 1.2)
omniauth-rails_csrf_protection (0.1.2)
actionpack (>= 4.2)
omniauth (>= 1.3.1)
omniauth-saml (1.10.3)
omniauth (~> 1.3, >= 1.3.2)
ruby-saml (~> 1.9)
@ -741,6 +744,7 @@ DEPENDENCIES
oj (~> 3.10)
omniauth (~> 1.9)
omniauth-cas (~> 2.0)
omniauth-rails_csrf_protection (~> 0.1)
omniauth-saml (~> 1.10)
ox (~> 2.13)
paperclip (~> 6.0)