Login using oauth leads to 404 when clicked too fast
Summary
When a user wants to login using oauth (reproduced with google and twitter) and clicks the third-party login button too fast (before the whole page is loaded) 404 is returned. Same is happening when trying to connect accounts from the Account page.
Steps to reproduce
- (Pre-step to make sure the problem is replicated) Open dev tools and slow down the network
- Enter https://gitlab.com/users/sign_in / https://gitlab.com/profile/account
- click Google or another 3rd party button before the page is loaded
What is the current bug behavior?
404 page, request is GET https://gitlab.com/users/auth/google_oauth2
What is the expected correct behavior?
POST https://gitlab.com/users/auth/google_oauth2
request redirected to the 3rd party.
Output of checks
This bug happens on GitLab.com
Possible fixes
A simple fix could be disabling the buttons before the page is loaded.
Originally reported by @michal.bryxi