1
0
Fork 0
mirror of https://github.com/simi/omniauth-facebook.git synced 2022-11-09 12:32:45 -05:00

remove now redundant per-request state from signed_request flow (it will fail CSRF)

This commit is contained in:
Mark Dodwell 2013-11-13 23:55:33 -08:00
parent a3d5375389
commit fd62381a5f

View file

@ -81,7 +81,6 @@ module OmniAuth
# if we already have an access token, we can just hit the # if we already have an access token, we can just hit the
# callback URL directly and pass the signed request along # callback URL directly and pass the signed request along
params = { :signed_request => raw_signed_request } params = { :signed_request => raw_signed_request }
params[:state] = request.params['state'] if request.params['state']
query = Rack::Utils.build_query(params) query = Rack::Utils.build_query(params)
url = callback_url url = callback_url