Apple Sign In with Rails and Kamal raises ActionController::InvalidAuthenticityToken error #67
Comments
|
It looks like Apple performs a POST to the redirect uri instead of the usual OAuth flow. I assume that the error you see happens at that stage since the POST triggers the CSRF check. There are some interesting links in this issue with all sorts of solutions (watch out for the insecure hacks!). I'd speculate that in the process of moving to Kamal, some other workarounds that your company had in place were removed. Issue in omniauth-apple: nhosoya/omniauth-apple#114 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Context: Apple sign-in with omniauth-apple worked fine until a week ago when the company moved the app to Kamal. We started getting this error:
I found a suggestion to forward the
X-Forwarded-ProtoandX-Forwarded-Sslheaders. TheX-Forwarded-Protois configurable in Kamal but it didn't fix the issue.X-Forwarded-Ssldoesn't seem to be configurable.I also found a suggestion to set the
Originheader to your own domain, but I don't think that's configurable with Kamal.Is there another way to configure these headers? Any help fixing this issue is appreciated too.
The text was updated successfully, but these errors were encountered: