32
28

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?

More than 5 years have passed since last update.

[Rails]gem "OmniAuth" の脆弱性対策

Last updated at Posted at 2019-06-21

gem "OmniAuth" で脆弱性が指摘されていたとのこと。
https://github.com/omniauth/omniauth/pull/809

それに対応するgemが発表されているとのこと。
https://github.com/cookpad/omniauth-rails_csrf_protection

対応gemの使い方は以下。

Gemfile
gem "omniauth-rails_csrf_protection"

上記追記してbundle install。

ビューファイル
= link_to "/auth/google_oauth2", method: :post

SNS認証へのlink_toに、method: :postを追記する。
ルーティングは変更する必要ない。元がgetならgetのままでOK。
これで問題なく認証できればOK。

32
28
5

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
32
28

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?