diff --git a/Gemfile b/Gemfile index 9d12852..081d36e 100644 --- a/Gemfile +++ b/Gemfile @@ -52,6 +52,7 @@ gem 'will_paginate-bootstrap4', '~> 0.2.2' gem 'devise', '~> 4.8.0' gem 'omniauth' +gem 'omniauth-rails_csrf_protection' gem 'omniauth-github' # Use ActiveModel has_secure_password diff --git a/Gemfile.lock b/Gemfile.lock index bfc825d..fe592c8 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -160,6 +160,9 @@ GEM omniauth-oauth2 (1.7.1) oauth2 (~> 1.4) omniauth (>= 1.9, < 3) + omniauth-rails_csrf_protection (1.0.0) + actionpack (>= 4.2) + omniauth (~> 2.0) orm_adapter (0.5.0) popper_js (1.16.0) public_suffix (4.0.6) @@ -278,6 +281,7 @@ DEPENDENCIES mysql2 (~> 0.5.2) omniauth omniauth-github + omniauth-rails_csrf_protection puma (~> 5.0) rails (= 6.1.3.2) rails-controller-testing diff --git a/app/views/layouts/_header.html.erb b/app/views/layouts/_header.html.erb index 1961bff..000b870 100644 --- a/app/views/layouts/_header.html.erb +++ b/app/views/layouts/_header.html.erb @@ -32,9 +32,9 @@ <% else %>
  • <% if Rails.env.development? %> - <%= link_to t('application.sign_in_with_github'), user_developer_omniauth_authorize_path, class: 'nav-link' %> + <%= link_to t('application.sign_in_with_github'), user_developer_omniauth_authorize_path, method: :post, class: 'nav-link' %> <% else %> - <%= link_to t('application.sign_in_with_github'), user_github_omniauth_authorize_path, class: 'nav-link' %> + <%= link_to t('application.sign_in_with_github'), user_github_omniauth_authorize_path, method: :post, class: 'nav-link' %> <% end %>
    • <% end %> diff --git a/test/integration/translator_flow_test.rb b/test/integration/translator_flow_test.rb index f507a18..375b318 100644 --- a/test/integration/translator_flow_test.rb +++ b/test/integration/translator_flow_test.rb @@ -8,7 +8,7 @@ class TranslatorFlowTest < ActionDispatch::IntegrationTest end test "can login via github" do - get '/users/auth/github' + post '/users/auth/github' assert_response :redirect follow_redirect! follow_redirect!