I have this spec in my application, which was added to check for the security flaw mitigation. Now, after updating this gem and omniauth to 2.0.1, this spec started to fail with:

expected ActionController::InvalidAuthenticityToken but nothing was raised
```ruby
describe "POST /auth/:provider without CSRF token" do
  before do
    @allow_forgery_protection = ActionController::Base.allow_forgery_protection
    ActionController::Base.allow_forgery_protection = true
  end

  after do
    ActionController::Base.allow_forgery_protection = @allow_forgery_protection
  end

  it do
    expect do
      post "/auth/google_oauth2"
    end.to raise_error(ActionController::InvalidAuthenticityToken)
  end
end
```
I understood in the release notes that the gem still verifies the CSRF token. Why is this test failing now?
fabioxgn changed the title from "CVE-2015-9284 Mitigation spec" to "CVE-2015-9284 Mitigation spec failing" on Jan 22, 2021