R2-3046: Conflict between CSRF token and IDP auth

primeroIMS · Oct 3, 2024 · f0c608e · f0c608e
1 parent 6c3c602
commit f0c608e
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/app/auth/idp_token_strategy.rb b/app/auth/idp_token_strategy.rb
@@ -14,7 +14,7 @@ def valid?
 
   # This is an override for warden to skip storing session in a cookie
   def store?
-    false
+    true
   end
 
   def authenticate!

diff --git a/app/controllers/application_api_controller.rb b/app/controllers/application_api_controller.rb
@@ -15,7 +15,7 @@ class ApplicationApiController < ActionController::API
   before_action :check_config_update_lock!
   before_action :set_csrf_cookie, unless: -> { request_from_basic_auth? }
 
-  protect_from_forgery with: :exception, prepend: true, if: -> { use_csrf_protection? }
+  protect_from_forgery with: :exception, if: -> { use_csrf_protection? }
 
   class << self
     attr_accessor :model_class
-Original file line number
+Diff line change
@@ Expand Up / @@ -14,7 +14,7 @@ def valid? @@
       # This is an override for warden to skip storing session in a cookie
       def store?
-        false
+        true
       end
       def authenticate!
@@ Expand Down @@