Generic OAuth2: Set state: true
The OAuth2 specification RECOMMENDS setting the state to protect against
CSRF attacks. Some OAuth2 providers (e.g. ORY Hydra) refuse to
authenticate without the state set.
This is a cherry-pick of 852868419d
.
Signed-off-by: haslersn <sebastian.hasler@gmx.net>
parent
a160d81fe3
commit
a88b4aff2a
1 changed files with 2 additions and 1 deletions
|
@ -90,7 +90,8 @@ passport.use(new OAuth2CustomStrategy({
|
|||
clientSecret: config.oauth2.clientSecret,
|
||||
callbackURL: config.serverURL + '/auth/oauth2/callback',
|
||||
userProfileURL: config.oauth2.userProfileURL,
|
||||
scope: config.oauth2.scope
|
||||
scope: config.oauth2.scope,
|
||||
state: true
|
||||
}, passportGeneralCallback))
|
||||
|
||||
oauth2Auth.get('/auth/oauth2', function (req, res, next) {
|
||||
|
|
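Review bot: The added `state: true` option makes the strategy keep the generated state value in the user's session, so it only works if session middleware runs on both `/auth/oauth2` and `/auth/oauth2/callback` and the session cookie is still sent when the provider redirects back; neither is visible in this hunk. Assuming OAuth2CustomStrategy inherits passport-oauth2's state handling (it is defined elsewhere, so this is unconfirmed), a missing or mismatched state fails the login instead of being skipped. That is the intended CSRF protection, but a strict SameSite cookie policy or several instances without a shared session store would then break every OAuth2 login. I would add a comment above the option, e.g. `// state: true = per-login random state, verified on callback (CSRF protection); requires req.session`, and mention the session requirement in the OAuth2 setup documentation. The `passport.use(...)` call begins above the hunk, so the options before `clientSecret` were not reviewed.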