Skip to content

fix: Require POST for social login instead of GET#1150

Draft
Erethon wants to merge 1 commit into
NixOS:mainfrom
Erethon:allauth-post
Draft

fix: Require POST for social login instead of GET#1150
Erethon wants to merge 1 commit into
NixOS:mainfrom
Erethon:allauth-post

Conversation

@Erethon

@Erethon Erethon commented Jun 25, 2026

Copy link
Copy Markdown
Collaborator

The docs of allauth specify:

For security considerations, it is strongly recommended to require POST requests.

This will add an extra step where the user needs to click on a "Continue" button before they can login. I'm opening this PR to discuss if this is a UX decision we made consciously or something that we happened to include. If it's the former, then I'll edit this PR to add a comment to the setting, because it caught me by surprise when looking at the code.

The docs of allauth specify:
> For security considerations, it is strongly recommended to require POST requests.
This will add an extra step where the user needs to click on a
"Continue" button before they can login.
@fricklerhandwerk

Copy link
Copy Markdown
Collaborator

IIRC the problem @florentc was that the API-based UI client doesn't eat the HTML response well. But we can use https://docs.allauth.org/en/latest/headless/index.html in that case.

@fricklerhandwerk fricklerhandwerk added the bug Something isn't working label Jul 13, 2026
@fricklerhandwerk fricklerhandwerk removed this from the 4 Production deployment milestone Jul 14, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

bug Something isn't working

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants