git.openstreetmap.org Git - rails.git/commit

]> git.openstreetmap.org Git - rails.git/commit

author	Tom Hughes <tom@compton.nu>
	Mon, 27 Dec 2021 10:25:44 +0000 (10:25 +0000)
committer	Tom Hughes <tom@compton.nu>
	Mon, 27 Dec 2021 10:34:24 +0000 (10:34 +0000)
commit	b0288b83bb437bbfc0deb325cca142066dc9848b
tree	1b6302c62713ab9c2127371038017d472fee23af	tree \| snapshot
parent	f1e0212af3e949a876239ba2c515884052c3676d	commit \| diff

Allow PATCH for OmniAuth requests

This is required to allow the account settings screen, which now
uses the PATCH verb, to redirect to OmniAuth when the external
authentication provider is changed.

As PATCH still uses CSRF this doesn't impact CVE-2015-9284 which
is the reason for requiring POST and most importantly got not
allowing GET requests to OmniAuth.

config/initializers/omniauth.rb		diff \| blob \| history
config/routes.rb		diff \| blob \| history

The OpenStreetMap web site

RSS Atom