Avoid JavaScript for Omniauth logins (!33227) · Merge requests · GitLab.org / GitLab

Stan Hu requested to merge sh-fix-omniauth-buttons-js into master May 27, 2020

When a user clicks on an Omniauth login icon (e.g. Google), Rails will translate a link_to URL from a GET to a POST form submission via JavaScript. However, if JavaScript is disabled or not loaded before the page loads, this will cause a GET request to go to the login provider instead of POST, resulting in a 404.

To avoid this, we use button_to instead of link_to. button_to will set a form submission with a POST request without JavaScript.

Closes #28904 (closed)

Edited May 27, 2020 by Stan Hu

Avoid JavaScript for Omniauth logins

Merge request reports