From 13b07b88f1aa79c31291473362ac77b31602c374 Mon Sep 17 00:00:00 2001
From: Eugen Rochko <eugen@zeonfederated.com>
Date: Sat, 28 Nov 2020 05:17:53 +0100
Subject: Fix omniauth (SAML/CAS) sign-in routes not having CSRF protection
 (#15228)

---
 app/views/auth/sessions/new.html.haml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'app/views/auth/sessions')

diff --git a/app/views/auth/sessions/new.html.haml b/app/views/auth/sessions/new.html.haml
index ceb169408..9713bdaeb 100644
--- a/app/views/auth/sessions/new.html.haml
+++ b/app/views/auth/sessions/new.html.haml
@@ -22,7 +22,6 @@
 
     .actions
       - resource_class.omniauth_providers.each do |provider|
-        = link_to omniauth_authorize_path(resource_name, provider), class: "button button-#{provider}" do
-          = t("auth.providers.#{provider}", default: provider.to_s.chomp("_oauth2").capitalize)
+        = link_to t("auth.providers.#{provider}", default: provider.to_s.chomp("_oauth2").capitalize), omniauth_authorize_path(resource_name, provider), class: "button button-#{provider}", method: :post
 
 .form-footer= render 'auth/shared/links'
-- 
cgit