From 6546bd1532f882a85d99b4a13928112a761d6025 Mon Sep 17 00:00:00 2001
From: Jure Grabnar
Date: Wed, 31 Jul 2019 16:05:06 +0200
Subject: [PATCH] Add omniauth-rails_csrf_protection gem Close SCI-3588
---
 Gemfile | 1 +
 app/views/users/shared/_links.html.erb | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/Gemfile b/Gemfile
index 211cdd05d..a194a6c76 100644
--- a/Gemfile
+++ b/Gemfile
@@ -24,6 +24,7 @@ gem 'yomu'
 gem 'doorkeeper', '>= 4.6'
 gem 'omniauth'
 gem 'omniauth-linkedin-oauth2'
+gem 'omniauth-rails_csrf_protection', '~> 0.1'
 # Gems for API implementation
 gem 'active_model_serializers', '~> 0.10.7'
diff --git a/app/views/users/shared/_links.html.erb b/app/views/users/shared/_links.html.erb
index ed68e7ecf..4a1e5a63d 100644
--- a/app/views/users/shared/_links.html.erb
+++ b/app/views/users/shared/_links.html.erb
@@ -27,7 +27,7 @@
 <%- if Rails.configuration.x.enable_user_registration && Rails.configuration.x.linkedin_signin_enabled && @oauth_authorize != true %>
 <%- if devise_mapping.omniauthable? && resource_class.omniauth_providers.any? && controller_name != 'registrations' %>
- <%= link_to omniauth_authorize_path(resource_name, :linkedin), :title => "Sign in with LinkedIn" do %>
+ <%= link_to omniauth_authorize_path(resource_name, :linkedin), method: :post :title => "Sign in with LinkedIn" do %>
 <%= image_tag('linkedin/Sign-in-Large---Default.png', class: 'linkedin-signin-button', alt: "Sign in with LinkedIn",
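Review bot: The new `gem 'omniauth-rails_csrf_protection', '~> 0.1'` line in the Gemfile hunk makes the OmniAuth request phase accept only POST requests that carry a valid Rails authenticity token, so any link to `omniauth_authorize_path` that still issues a GET will stop working once this lands. The one link this patch converts, in `_links.html.erb` (its hunk runs past the visible text), reads `method: :post :title => "Sign in with LinkedIn"` with no comma after `:post`, which will not parse; it should presumably be `method: :post, :title => "Sign in with LinkedIn"`. `link_to ... method: :post` also relies on rails-ujs being loaded on the sign-in page to build the form and attach the token, so `button_to` may be the more robust choice if that page can render without JavaScript. The diffstat lists only two files, so `Gemfile.lock` does not appear to be updated in this commit; it is worth confirming the resolved gem version is locked.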