From 13b07b88f1aa79c31291473362ac77b31602c374 Mon Sep 17 00:00:00 2001
From: Eugen Rochko <eugen@zeonfederated.com>
Date: Sat, 28 Nov 2020 05:17:53 +0100
Subject: Fix omniauth (SAML/CAS) sign-in routes not having CSRF protection
 (#15228)

---
 Gemfile.lock | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'Gemfile.lock')

diff --git a/Gemfile.lock b/Gemfile.lock
index b8134a985..f7192d084 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -375,6 +375,9 @@ GEM
       addressable (~> 2.3)
       nokogiri (~> 1.5)
       omniauth (~> 1.2)
+    omniauth-rails_csrf_protection (0.1.2)
+      actionpack (>= 4.2)
+      omniauth (>= 1.3.1)
     omniauth-saml (1.10.3)
       omniauth (~> 1.3, >= 1.3.2)
       ruby-saml (~> 1.9)
@@ -741,6 +744,7 @@ DEPENDENCIES
   oj (~> 3.10)
   omniauth (~> 1.9)
   omniauth-cas (~> 2.0)
+  omniauth-rails_csrf_protection (~> 0.1)
   omniauth-saml (~> 1.10)
   ox (~> 2.13)
   paperclip (~> 6.0)
-- 
cgit