SECURITY: don't echo the "strategy" param returned by auto provider

2025-05-23 14:01:14 +08:00 · 2015-01-06 16:28:29 +11:00
parent f2b0115453
commit e6dba8adc2
2 changed files with 2 additions and 2 deletions
--- a/app/controllers/users/omniauth_callbacks_controller.rb
+++ b/app/controllers/users/omniauth_callbacks_controller.rb
@ -47,7 +47,7 @@ class Users::OmniauthCallbacksController < ApplicationController
  end

  def failure
-    flash[:error] = I18n.t("login.omniauth_error", strategy: params[:strategy].titleize)
+    flash[:error] = I18n.t("login.omniauth_error")
    render layout: 'no_js'
  end