diff --git a/Gemfile b/Gemfile
index c667286e2..fd7ee8f71 100644
--- a/Gemfile
+++ b/Gemfile
@@ -31,9 +31,10 @@ gem "jquery-rails", "~> 4.3.3"
gem "jquery-ui-rails", "~> 6.0.1"
gem "kaminari", "~> 1.1.1"
gem "newrelic_rpm", "~> 4.1.0.333"
-gem "omniauth", "~> 1.8.1"
+gem "omniauth", "~> 1.9.0"
gem "omniauth-facebook", "~> 4.0.0"
gem "omniauth-google-oauth2", "~> 0.4.0"
+gem "omniauth-rails_csrf_protection", "~> 0.1.2"
gem "omniauth-twitter", "~> 1.4.0"
gem "paperclip", "~> 5.2.1"
gem "paranoia", "~> 2.4.2"
diff --git a/Gemfile.lock b/Gemfile.lock
index 2694e4609..b48a8df4f 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -257,7 +257,7 @@ GEM
activesupport (>= 3)
gyoku (1.3.1)
builder (>= 2.1.2)
- hashie (3.5.7)
+ hashie (3.6.0)
highline (2.0.2)
html_tokenizer (0.0.7)
htmlentities (4.3.4)
@@ -360,8 +360,8 @@ GEM
rack (>= 1.2, < 3)
octokit (4.14.0)
sawyer (~> 0.8.0, >= 0.5.3)
- omniauth (1.8.1)
- hashie (>= 3.4.6, < 3.6.0)
+ omniauth (1.9.0)
+ hashie (>= 3.4.6, < 3.7.0)
rack (>= 1.6.2, < 3)
omniauth-facebook (4.0.0)
omniauth-oauth2 (~> 1.2)
@@ -376,6 +376,9 @@ GEM
omniauth-oauth2 (1.5.0)
oauth2 (~> 1.1)
omniauth (~> 1.2)
+ omniauth-rails_csrf_protection (0.1.2)
+ actionpack (>= 4.2)
+ omniauth (>= 1.3.1)
omniauth-twitter (1.4.0)
omniauth-oauth (~> 1.1)
rack
@@ -646,9 +649,10 @@ DEPENDENCIES
letter_opener_web (~> 1.3.4)
mdl (~> 0.5.0)
newrelic_rpm (~> 4.1.0.333)
- omniauth (~> 1.8.1)
+ omniauth (~> 1.9.0)
omniauth-facebook (~> 4.0.0)
omniauth-google-oauth2 (~> 0.4.0)
+ omniauth-rails_csrf_protection (~> 0.1.2)
omniauth-twitter (~> 1.4.0)
paperclip (~> 5.2.1)
paranoia (~> 2.4.2)
diff --git a/app/views/devise/_omniauth_form.html.erb b/app/views/devise/_omniauth_form.html.erb
index 3f2ad28c8..e5c20e6c3 100644
--- a/app/views/devise/_omniauth_form.html.erb
+++ b/app/views/devise/_omniauth_form.html.erb
@@ -12,7 +12,8 @@
<%= link_to t("omniauth.twitter.name"), user_twitter_omniauth_authorize_path,
title: t("omniauth.twitter.sign_in"),
- class: "button-twitter button expanded" %>
+ class: "button-twitter button expanded",
+ method: :post %>
<% end %>
@@ -20,7 +21,8 @@
<%= link_to t("omniauth.facebook.name"), user_facebook_omniauth_authorize_path,
title: t("omniauth.facebook.sign_in"),
- class: "button-facebook button expanded" %>
+ class: "button-facebook button expanded",
+ method: :post %>
<% end %>
@@ -28,7 +30,8 @@
<%= link_to t("omniauth.google_oauth2.name"), user_google_oauth2_omniauth_authorize_path,
title: t("omniauth.google_oauth2.sign_in"),
- class: "button-google button expanded" %>
+ class: "button-google button expanded",
+ method: :post %>
<% end %>
@@ -49,7 +52,8 @@
<%= link_to t("omniauth.twitter.name"), user_twitter_omniauth_authorize_path,
title: t("omniauth.twitter.sign_up"),
- class: "button-twitter button expanded" %>
+ class: "button-twitter button expanded",
+ method: :post %>
<% end %>
@@ -57,7 +61,8 @@
<%= link_to t("omniauth.facebook.name"), user_facebook_omniauth_authorize_path,
title: t("omniauth.facebook.sign_up"),
- class: "button-facebook button expanded" %>
+ class: "button-facebook button expanded",
+ method: :post %>
<% end %>
@@ -65,7 +70,8 @@
<%= link_to t("omniauth.google_oauth2.name"), user_google_oauth2_omniauth_authorize_path,
title: t("omniauth.google_oauth2.sign_up"),
- class: "button-google button expanded" %>
+ class: "button-google button expanded",
+ method: :post %>
<% end %>