Merge pull request #966 from CHTJonas/patch-1

Add vulnerability warning to README
Bobby McDonald 2019-11-20 12:01:59 -05:00 committed by GitHub
commit 894cb9c2f6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 0 deletions


@ -120,6 +120,8 @@ environment information on the callback request. It is entirely up to
you how you want to implement the particulars of your application's you how you want to implement the particulars of your application's
authentication flow. authentication flow.
**Please note:** there is currently a CSRF vulnerability which affects OmniAuth (designated [CVE-2015-9284](https://nvd.nist.gov/vuln/detail/CVE-2015-9284)) that requires mitigation at the application level. More details on how to do this can be found on the [Wiki](https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284).
## Configuring The `origin` Param ## Configuring The `origin` Param
The `origin` url parameter is typically used to inform where a user came from and where, should you choose to use it, they'd want to return to. The `origin` url parameter is typically used to inform where a user came from and where, should you choose to use it, they'd want to return to.
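Review bot: The added "**Please note:**" line says the CSRF vulnerability "currently" affects OmniAuth but gives no affected version range, so a later reader cannot tell whether the warning still applies; state the versions or drop "currently". The required application-level mitigation is reachable only through the Wiki link, so a one-sentence summary of what the application must do would keep the README useful if that page moves or changes. The warning is also placed at the tail of the authentication-flow text, directly above "## Configuring The `origin` Param", where it is easy to overlook; a heading of its own or a position nearer the top of the README would make it more visible.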