about summary refs log tree commit diff
path: root/app/views/auth
diff options
context:
space:
mode:
authorEugen Rochko <eugen@zeonfederated.com>2020-11-28 05:17:53 +0100
committerGitHub <noreply@github.com>2020-11-28 05:17:53 +0100
commit13b07b88f1aa79c31291473362ac77b31602c374 (patch)
tree34b7fe8aeaa444d662f835efd10096f80821106b /app/views/auth
parent13206fcfb86844ba4a0c872eaf8c11a61ea848df (diff)
Fix omniauth (SAML/CAS) sign-in routes not having CSRF protection (#15228)
Diffstat (limited to 'app/views/auth')
-rw-r--r--app/views/auth/sessions/new.html.haml3
1 files changed, 1 insertions, 2 deletions
diff --git a/app/views/auth/sessions/new.html.haml b/app/views/auth/sessions/new.html.haml
index ceb169408..9713bdaeb 100644
--- a/app/views/auth/sessions/new.html.haml
+++ b/app/views/auth/sessions/new.html.haml
@@ -22,7 +22,6 @@
 
     .actions
       - resource_class.omniauth_providers.each do |provider|
-        = link_to omniauth_authorize_path(resource_name, provider), class: "button button-#{provider}" do
-          = t("auth.providers.#{provider}", default: provider.to_s.chomp("_oauth2").capitalize)
+        = link_to t("auth.providers.#{provider}", default: provider.to_s.chomp("_oauth2").capitalize), omniauth_authorize_path(resource_name, provider), class: "button button-#{provider}", method: :post
 
 .form-footer= render 'auth/shared/links'