I saw a previous issue #145 with the same error but it's a bit old I think.
I am trying to configure Google auth with Devise.
- omniauth-google-oauth2 (1.2.1)
- devise (4.9.4)
- omniauth (2.1.3)
- omniauth-rails_csrf_protection (1.0.2)
In order to make everything work I had to add the line below in the devise.rb file:
OmniAuth.config.allowed_request_methods = %i[get]
Without this line I got a "Not found. Authentication passthru." error.
I got a warning, but it is working:
2025-06-28T15:36:58.264437+00:00 app[web.1]: W, [2025-06-28T15:36:58.264403 #2] WARN -- omniauth: (google_oauth2) You are using GET as an allowed request method for OmniAuth. This may leave
2025-06-28T15:36:58.264437+00:00 app[web.1]: you open to CSRF attacks. As of v2.0.0, OmniAuth by default allows only POST
2025-06-28T15:36:58.264438+00:00 app[web.1]: to its own routes. You should review the following resources to guide your
2025-06-28T15:36:58.264438+00:00 app[web.1]: mitigation:
2025-06-28T15:36:58.264445+00:00 app[web.1]: https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284
2025-06-28T15:36:58.264446+00:00 app[web.1]: https://github.com/omniauth/omniauth/issues/960
2025-06-28T15:36:58.264446+00:00 app[web.1]: https://nvd.nist.gov/vuln/detail/CVE-2015-9284
2025-06-28T15:36:58.264446+00:00 app[web.1]: https://github.com/omniauth/omniauth/pull/809
2025-06-28T15:36:58.264447+00:00 app[web.1]:
2025-06-28T15:36:58.264447+00:00 app[web.1]: You can ignore this warning by setting:
2025-06-28T15:36:58.264447+00:00 app[web.1]: OmniAuth.config.silence_get_warning = true
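An added example, not part of the original issue and not OmniAuth's or Devise's code: a simplified Ruby model of the request-phase gate that the warning above describes, showing why a GET sign-in link hits the passthru 404 by default and what is lost when GET is allowed. The class name, env layout, provider URL and the 422 stand-in for a rejected request are assumptions made for the model.

```ruby
require "securerandom"

# Simplified model of an OmniAuth 2.x style request-phase gate. Not the gem's
# code: the class name, env layout and provider URL are assumptions.
class RequestPhaseGate
  PASSTHRU = [404, "Not found. Authentication passthru."].freeze

  def initialize(allowed_request_methods: %i[post])
    @allowed = allowed_request_methods
  end

  def call(env)
    # A disallowed verb falls through to the app, which answers with the
    # passthru 404 quoted in the issue.
    return PASSTHRU unless @allowed.include?(env[:method])
    # Rails-style CSRF verification exempts GET, so a GET request phase
    # starts the OAuth flow with no proof that the user asked for it.
    if env[:method] != :get && !valid_token?(env)
      return [422, "Invalid authenticity token"]
    end
    [302, "https://provider.example/authorize"] # placeholder URL
  end

  private

  def valid_token?(env)
    expected = env.dig(:session, :csrf).to_s
    given = env.dig(:params, :authenticity_token).to_s
    return false if expected.empty? || expected.bytesize != given.bytesize
    # Constant-time comparison of two equal-length strings.
    expected.bytes.zip(given.bytes).reduce(0) { |acc, (a, b)| acc | (a ^ b) }.zero?
  end
end

# Constructed sample requests against the default and the GET-enabled gate.
def demo_results
  token = SecureRandom.hex(16)
  base = { session: { csrf: token }, params: {} }
  link = base.merge(method: :get)
  form = base.merge(method: :post, params: { authenticity_token: token })
  cross_site = base.merge(method: :post, params: { authenticity_token: "x" * 32 })
  default_gate = RequestPhaseGate.new
  get_gate = RequestPhaseGate.new(allowed_request_methods: %i[get])
  { default_link: default_gate.call(link).first,             # 404
    default_form: default_gate.call(form).first,             # 302
    default_cross_site: default_gate.call(cross_site).first, # 422
    get_enabled_link: get_gate.call(link).first }            # 302
end

p demo_results if __FILE__ == $PROGRAM_NAME
```

In a Rails app the default POST-only setting can be kept by starting sign-in from a form that carries the authenticity token (for example a `button_to` with `method: :post`) instead of a plain link.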