Protect OmniAuth request phase against CSRF.

author: Douwe Maan <douwe@gitlab.com> 2015-04-24 17:03:18 +0200
committer: Douwe Maan <douwe@gitlab.com> 2015-04-24 17:03:18 +0200
commit: 571ba5a7feb870b7aa711d5a6fc6d4d53d92a4c5 (patch)
tree: 817cd5b54a81a1a229be4b42e7643ad90f5040e1 /app/views/profiles/accounts
parent: 62117f2f25646009fb5b20d7a215d7d697ce3231 (diff)
download: gitlab-ce-571ba5a7feb870b7aa711d5a6fc6d4d53d92a4c5.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/app/views/profiles/accounts/show.html.haml b/app/views/profiles/accounts/show.html.haml
index 5bffb4acc1d..7cc6008e48e 100644
--- a/app/views/profiles/accounts/show.html.haml
+++ b/app/views/profiles/accounts/show.html.haml
@@ -34,7 +34,7 @@
         - enabled_social_providers.each do |provider|
           .btn-group
             = link_to oauth_image_tag(provider), omniauth_authorize_path(User, provider),
-              class: "btn btn-lg #{'active' if oauth_active?(provider)}"
+              method: :post, class: "btn btn-lg #{'active' if oauth_active?(provider)}"
             - if oauth_active?(provider)
               = link_to unlink_profile_account_path(provider: provider), method: :delete, class: 'btn btn-lg' do
                 %i.fa.fa-close
author	Douwe Maan <douwe@gitlab.com>	2015-04-24 17:03:18 +0200
committer	Douwe Maan <douwe@gitlab.com>	2015-04-24 17:03:18 +0200
commit	571ba5a7feb870b7aa711d5a6fc6d4d53d92a4c5 (patch)
tree	817cd5b54a81a1a229be4b42e7643ad90f5040e1 /app/views/profiles/accounts
parent	62117f2f25646009fb5b20d7a215d7d697ce3231 (diff)
download	gitlab-ce-571ba5a7feb870b7aa711d5a6fc6d4d53d92a4c5.tar.gz