using POST request will require lax session handling #139

@BooVeMan

Using this strategy in conjunction with omniauth 2.0 will fail when using the recommended POST request towards Twitter, as the session will be lost when returning to the callback (e.g. session["oauth"] will be nil). The only way I found to fix this is to set the same_site policy to :lax. I do this by hooking into the before_request_phase callback:

    OmniAuth.config.before_request_phase do |env|
      # twitter using post will require lax session handling
      if env["omniauth.strategy"]&.name == "twitter"
        env["rack.session"].instance_variable_get(:@by).instance_variable_set(:@same_site, :lax)
      end
    end

and resetting it in the callback:

    def twitter
      # reset to strict session handling
      session.instance_variable_get(:@by).instance_variable_set(:@same_site, :strict)
      # ... handle callback ...
    end

This seems very brittle and hackish, any other solution?
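
An added example, not part of the original issue or of omniauth-twitter: a small check that reads a session cookie's `Set-Cookie` header and reports whether a browser would send that cookie on the provider's redirect back to the callback, modelled as a cross-site top-level GET navigation. The cookie name `_app_session`, the method names and the sample headers are constructed for illustration.

```ruby
# Added example: will the session cookie accompany the OAuth callback?
# The callback is modelled as a top-level GET navigation initiated by
# another site (the provider redirecting back to the application).

# Parse one Set-Cookie header value into [cookie_name, attributes].
# Attribute names are lower-cased; flag attributes (Secure, HttpOnly) map to true.
def parse_set_cookie(header)
  pair, *attrs = header.to_s.split(";").map(&:strip)
  name = pair.to_s.split("=", 2).first
  parsed = attrs.each_with_object({}) do |attr, h|
    key, val = attr.split("=", 2)
    h[key.downcase] = val.nil? ? true : val.strip.downcase
  end
  [name, parsed]
end

# Returns [sent, reason] for the cross-site callback navigation.
def callback_cookie_verdict(header)
  _name, attrs = parse_set_cookie(header)
  case attrs["samesite"]
  when "strict"
    [false, "SameSite=Strict is withheld on cross-site navigations"]
  when "none"
    if attrs["secure"]
      [true, "SameSite=None with Secure is sent cross-site"]
    else
      [false, "SameSite=None without Secure is rejected by browsers"]
    end
  else
    # Lax, absent or unrecognised: sent on top-level GET navigations.
    [true, "Lax (or unset) is sent on top-level GET navigations"]
  end
end

# Constructed sample headers, not captured from a real application.
SAMPLE_HEADERS = [
  "_app_session=abc123; path=/; HttpOnly; SameSite=Strict",
  "_app_session=abc123; path=/; HttpOnly; SameSite=Lax",
  "_app_session=abc123; path=/; HttpOnly; SameSite=None",
  "_app_session=abc123; path=/; HttpOnly; Secure; SameSite=None"
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLE_HEADERS.each do |h|
    sent, reason = callback_cookie_verdict(h)
    puts "#{sent ? 'sent    ' : 'withheld'}  #{h}\n          #{reason}"
  end
end
```

A `withheld` verdict corresponds to the symptom described above: the callback arrives without the session cookie, so `session["oauth"]` is nil.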
