Using this strategy in conjunction with omniauth 2.0 will fail when using the recommended POST request towards Twitter, as the session will be lost when returning to the callback (e.g. session["oauth"] will be nil). The only way I found to fix this is to set the same_site policy to :lax. I do this by hooking into the before_request_phase callback:
    OmniAuth.config.before_request_phase do |env|
      # twitter using post will require lax session handling
      if env["omniauth.strategy"]&.name == "twitter"
        env["rack.session"].instance_variable_get(:@by).instance_variable_set(:@same_site, :lax)
      end
    end
and resetting it in the callback:
    def twitter
      # reset to strict session handling
      session.instance_variable_get(:@by).instance_variable_set(:@same_site, :strict)
      # ... handle callback ...
    end
This seems very brittle and hackish. Any other solution?
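Why the session disappears under a strict policy, as an added example that is not part of the original issue or of the omniauth code: a simplified model of the browser's SameSite rule applied to the two requests the app receives in this flow. The hosts `app.example` and `provider.example`, the `/login` and `/oauth/authenticate` paths, and all helper names are constructed assumptions; the model compares hosts rather than registrable domains.

```ruby
require "uri"

SAFE_METHODS = %w[GET HEAD OPTIONS TRACE].freeze

# Simplification: "site" is approximated by the host. Real browsers compare
# the scheme plus the registrable domain (eTLD+1).
def same_site?(initiator_url, target_url)
  URI(initiator_url).host == URI(target_url).host
end

# True if a browser would attach a cookie with the given SameSite policy to a
# top-level navigation from initiator_url to target_url.
def cookie_sent?(policy, initiator_url:, target_url:, http_method:)
  return true if same_site?(initiator_url, target_url)

  case policy
  when :strict then false                                    # never cross-site
  when :lax    then SAFE_METHODS.include?(http_method.upcase) # safe methods only
  when :none   then true
  else raise ArgumentError, "unknown SameSite policy: #{policy.inspect}"
  end
end

APP      = "https://app.example"      # constructed sample host
PROVIDER = "https://provider.example" # constructed sample host

# The two requests the app receives during the flow described in the issue.
FLOW = [
  { step: :request_phase, http_method: "POST",
    initiator_url: "#{APP}/login", target_url: "#{APP}/auth/twitter" },
  { step: :callback_phase, http_method: "GET",
    initiator_url: "#{PROVIDER}/oauth/authenticate",
    target_url: "#{APP}/auth/twitter/callback" }
].freeze

# Maps each step to whether the session cookie (and with it session["oauth"])
# reaches the app under the given policy.
def session_available(policy)
  FLOW.to_h do |req|
    [req[:step], cookie_sent?(policy, **req.reject { |k, _| k == :step })]
  end
end

if __FILE__ == $PROGRAM_NAME
  %i[strict lax].each { |policy| puts "#{policy}: #{session_available(policy)}" }
end
```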