Add vulnerability warning to README

This commit adds a warning notice about CVE-2015-9284 and directs the user to the FAQ where they can find steps to mitigate it.
Charlie Jonas 2019-07-27 12:46:50 +02:00 committed by GitHub
parent cc0f552262
commit 0740ac9061
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 0 deletions


@ -122,6 +122,8 @@ environment information on the callback request. It is entirely up to
you how you want to implement the particulars of your application's you how you want to implement the particulars of your application's
authentication flow. authentication flow.
**Please note:** there is currently a CSRF vulnerability that affects OmniAuth (designated [CVE-2015-9284](https://nvd.nist.gov/vuln/detail/CVE-2015-9284)) that requires mitigation in application itself. More details on how to do this can be found in the [FAQ](https://github.com/omniauth/omniauth/wiki/FAQ#how-do-i-mitigate-cve-2015-9284).
## Configuring The `origin` Param ## Configuring The `origin` Param
The `origin` url parameter is typically used to inform where a user came from and where, should you choose to use it, they'd want to return to. The `origin` url parameter is typically used to inform where a user came from and where, should you choose to use it, they'd want to return to.
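Review bot: the added notice has a missing article, "requires mitigation in application itself" should read "requires mitigation in the application itself". Since the wiki FAQ anchor is the only place the README points to for the fix, and wiki headings can be renamed without the README noticing, consider also stating the gist of the mitigation inline (or pinning the wiki revision) so the warning stays actionable if the anchor breaks; a blank line before the `## Configuring The `origin` Param` heading would also keep the note from running into the next section when rendered.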