Protect OmniAuth request phase against CSRF.

author: Douwe Maan <douwe@gitlab.com> 2015-04-24 17:03:18 +0200
committer: Douwe Maan <douwe@gitlab.com> 2015-04-24 17:03:18 +0200
commit: 571ba5a7feb870b7aa711d5a6fc6d4d53d92a4c5 (patch)
tree: 817cd5b54a81a1a229be4b42e7643ad90f5040e1 /app/views/devise
parent: 62117f2f25646009fb5b20d7a215d7d697ce3231 (diff)
download: gitlab-ce-571ba5a7feb870b7aa711d5a6fc6d4d53d92a4c5.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/app/views/devise/shared/_omniauth_box.html.haml b/app/views/devise/shared/_omniauth_box.html.haml
index 8dce0b16936..f8ba9d80ae8 100644
--- a/app/views/devise/shared/_omniauth_box.html.haml
+++ b/app/views/devise/shared/_omniauth_box.html.haml
@@ -5,6 +5,6 @@
   - providers.each do |provider|
     %span.light
       - if default_providers.include?(provider)
-        = link_to oauth_image_tag(provider), omniauth_authorize_path(resource_name, provider), class: 'oauth-image-link'
+        = link_to oauth_image_tag(provider), omniauth_authorize_path(resource_name, provider), method: :post, class: 'oauth-image-link'
       - else
-        = link_to provider.to_s.titleize, omniauth_authorize_path(resource_name, provider), class: "btn", "data-no-turbolink" => "true"
+        = link_to provider.to_s.titleize, omniauth_authorize_path(resource_name, provider), method: :post, class: "btn", "data-no-turbolink" => "true"
author	Douwe Maan <douwe@gitlab.com>	2015-04-24 17:03:18 +0200
committer	Douwe Maan <douwe@gitlab.com>	2015-04-24 17:03:18 +0200
commit	571ba5a7feb870b7aa711d5a6fc6d4d53d92a4c5 (patch)
tree	817cd5b54a81a1a229be4b42e7643ad90f5040e1 /app/views/devise
parent	62117f2f25646009fb5b20d7a215d7d697ce3231 (diff)
download	gitlab-ce-571ba5a7feb870b7aa711d5a6fc6d4d53d92a4c5.tar.gz