This repository has been archived on 2024-07-22. You can view files and clone it, but cannot push or open issues or pull requests.
mastodon/config/initializers
Claire cfa583fa71
Remove support for OAUTH_REDIRECT_AT_SIGN_IN (#17287)
Fixes #15959

Introduced in #6540, OAUTH_REDIRECT_AT_SIGN_IN allowed skipping the log-in form
to instead redirect to the external OmniAuth login provider.

However, it did not prevent the log-in form on /about introduced by #10232 from
appearing, and completely broke with the introduction of #15228.

As I restoring that previous log-in flow without introducing a security
vulnerability may require extensive care and knowledge of how OmniAuth works,
this commit removes support for OAUTH_REDIRECT_AT_SIGN_IN instead for the time
being.
2022-01-23 15:50:41 +01:00
..
0_post_deployment_migrations.rb
1_hosts.rb
2_whitelist_mode.rb
active_model_serializers.rb
application_controller_renderer.rb
assets.rb
backtrace_silencers.rb
blacklists.rb
cache_buster.rb
chewy.rb
content_security_policy.rb
cookies_serializer.rb
cors.rb
devise.rb
doorkeeper.rb
fast_blank.rb
ffmpeg.rb
filter_parameter_logging.rb
http_client_proxy.rb
httplog.rb
inflections.rb
json_ld.rb
kaminari_config.rb
mail_delivery_job.rb
makara.rb
mime_types.rb
oj.rb
omniauth.rb Remove support for OAUTH_REDIRECT_AT_SIGN_IN (#17287) 2022-01-23 15:50:41 +01:00
open_uri_redirection.rb
paperclip.rb
permissions_policy.rb
preload_link_headers.rb
premailer_rails.rb
rack_attack.rb
rack_attack_logging.rb
redis.rb
session_activations.rb
session_store.rb
sidekiq.rb
simple_form.rb
single_user_mode.rb
statsd.rb
stoplight.rb
strong_migrations.rb
suppress_csrf_warnings.rb
trusted_proxies.rb
twitter_regex.rb
vapid.rb
webauthn.rb
wrap_parameters.rb