CSRF Detection Failure in OmniAuth OAuth2 Callback
Bug Description
OmniAuth::Strategies::OAuth2::CallbackError
csrf_detected | CSRF detected
Extracted source (around line #25):
23
24
25
26
27
28
def raise_out!
raise(env['omniauth.error'] || OmniAuth::Error.new(env['omniauth.error.type']))
end
def redirect_to_failure
Rails.root: /Users/keisukekaji/ghq/github.com/Keisuke05410/learn-oauth/oauth_app
Application Trace | Framework Trace | Full Trace
omniauth (2.1.3) lib/omniauth/failure_endpoint.rb:25:in 'OmniAuth::FailureEndpoint#raise_out!'
omniauth (2.1.3) lib/omniauth/failure_endpoint.rb:20:in 'OmniAuth::FailureEndpoint#call'
omniauth (2.1.3) lib/omniauth/failure_endpoint.rb:12:in 'OmniAuth::FailureEndpoint.call'
omniauth (2.1.3) lib/omniauth/strategy.rb:547:in 'OmniAuth::Strategy#fail!'
omniauth-oauth2 (1.8.0) lib/omniauth/strategies/oauth2.rb:87:in 'OmniAuth::Strategies::OAuth2#callback_phase'
omniauth (2.1.3) lib/omniauth/strategy.rb:272:in 'OmniAuth::Strategy#callback_call'
omniauth (2.1.3) lib/omniauth/strategy.rb:194:in 'OmniAuth::Strategy#call!'
omniauth (2.1.3) lib/omniauth/strategy.rb:169:in 'OmniAuth::Strategy#call'
omniauth (2.1.3) lib/omniauth/builder.rb:44:in 'OmniAuth::Builder#call'
rack (3.1.16) lib/rack/tempfile_reaper.rb:20:in 'Rack::TempfileReaper#call'
rack (3.1.16) lib/rack/etag.rb:29:in 'Rack::ETag#call'
rack (3.1.16) lib/rack/conditional_get.rb:31:in 'Rack::ConditionalGet#call'
rack (3.1.16) lib/rack/head.rb:15:in 'Rack::Head#call'
actionpack (8.0.2) lib/action_dispatch/http/permissions_policy.rb:38:in 'ActionDispatch::PermissionsPolicy::Middleware#call'
actionpack (8.0.2) lib/action_dispatch/http/content_security_policy.rb:38:in 'ActionDispatch::ContentSecurityPolicy::Middleware#call'
rack-session (2.1.1) lib/rack/session/abstract/id.rb:274:in 'Rack::Session::Abstract::Persisted#context'
rack-session (2.1.1) lib/rack/session/abstract/id.rb:268:in 'Rack::Session::Abstract::Persisted#call'
actionpack (8.0.2) lib/action_dispatch/middleware/cookies.rb:706:in 'ActionDispatch::Cookies#call'
activerecord (8.0.2) lib/active_record/migration.rb:671:in 'ActiveRecord::Migration::CheckPending#call'
actionpack (8.0.2) lib/action_dispatch/middleware/callbacks.rb:31:in 'block in ActionDispatch::Callbacks#call'
activesupport (8.0.2) lib/active_support/callbacks.rb:100:in 'ActiveSupport::Callbacks#run_callbacks'
actionpack (8.0.2) lib/action_dispatch/middleware/callbacks.rb:30:in 'ActionDispatch::Callbacks#call'
actionpack (8.0.2) lib/action_dispatch/middleware/executor.rb:16:in 'ActionDispatch::Executor#call'
actionpack (8.0.2) lib/action_dispatch/middleware/actionable_exceptions.rb:18:in 'ActionDispatch::ActionableExceptions#call'
Environment Info
- Platform: macos
- Terminal: cursor
- Version: 1.0.17
- Feedback ID: bd4cad7a-f199-4d3f-b2e8-57d07a629dc5
Errors
[{"error":"Error: Command failed: security find-generic-password -a $USER -w -s \"Claude Code\"\nsecurity: SecKeychainSearchCopyNext: The specified item could not be found in the keychain.\n\n at genericNodeError (node:internal/errors:983:15)\n at wrappedFn (node:internal/errors:537:14)\n at checkExecSyncError (node:child_process:882:11)\n at execSync (node:child_process:954:15)\n at YZ (file:///Users/keisukekaji/.local/share/mise/installs/node/22.16.0/lib/node_modules/@anthropic-ai/claude-code/cli.js:654:3921)\n at file:///Users/keisukekaji/.local/share/mise/installs/node/22.16.0/lib/node_modules/@anthropic-ai/claude-code/cli.js:582:11794\n at Q (file:///Users/keisukekaji/.local/share/mise/installs/node/22.16.0/lib/node_modules/@anthropic-ai/claude-code/cli.js:526:17190)\n at cJ (file:///Users/keisukekaji/.local/share/mise/installs/node/22.16.0/lib/node_modules/@anthropic-ai/claude-code/cli.js:582:10940)\n at aP (file:///Users/keisukekaji/.local/share/mise/installs/node/22.16.0/lib/node_modules/@anthropic-ai/claude-code/cli.js:582:10021)\n at a6 (file:///Users/keisukekaji/.local/share/mise/installs/node/22.16.0/lib/node_modules/@anthropic-ai/claude-code/cli.js:582:14133)","timestamp":"2025-06-09T14:53:48.159Z"}]This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗