You'd have to open a PR that adds a strategy option of something like |
-
Hi - I am building a new strategy for OmniAuth that can safely handle GET requests in the request phase. It uses an OpenID third-party-initiated flow, and from what I can see, it will not fall into the CVE-2015-9284 vulnerability.
To make this new strategy accept a GET request in the request phase, I need to do:
But I don't want to open that option for other strategies. And I cannot see a way to define that value per strategy in the codebase.
Has this been discussed before? Any reason why this option is offered as a global config, and not per strategy?