Commit fd94f12

mo <mo@mokhan.ca>
2018-10-28 19:16:07
do not send session cookie
1 parent 6a683fe
app/controllers/oauth/metadata_controller.rb
@@ -5,6 +5,7 @@ module Oauth
     skip_before_action :authenticate!
 
     def show
+      request.session_options[:skip] = true
       render formats: :json
     end
   end
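Review bot: The added `request.session_options[:skip] = true` in `show` carries no explanation of why this endpoint must not set a session cookie, and nothing ties it to the spec that now asserts `Set-Cookie` is absent; a short comment would keep the next maintainer from "cleaning it up", e.g. `# Unauthenticated discovery document: tell the session middleware not to commit a session so no _proof cookie is issued (see spec/requests/well-known/oauth_spec.rb).` Because the flag is set inside the action, any `before_action` inherited from the base controller that runs before `show` and touches the session is still executed; `:skip` only suppresses the commit at response time, so this is sufficient as long as nothing short-circuits the action before this line runs, which I cannot confirm from the hunk since the base controller is outside it. If more unauthenticated, cookie-free endpoints are expected, a `before_action` in a shared concern (applied alongside `skip_before_action :authenticate!`) would be easier to audit than per-action assignments.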
doc/_includes/get-well-known-oauth-authorization-server.html
@@ -34,9 +34,7 @@ Referrer-Policy: strict-origin-when-cross-origin
 Content-Type: application/json; charset=utf-8
 Etag: W/"7f1eee6ebfc3008c58d630548ed1707c"
 Cache-Control: max-age=0, private, must-revalidate
-Set-Cookie: _proof=e343785abce2b45b8b8e967aff136bea; path=/; HttpOnly
-X-Request-Id: 99feec7e-ced0-465f-aadc-3968a2f42ebb
-X-Runtime: 0.241107
+X-Request-Id: 12be87d2-f521-4366-916e-c4de2495dc37
 Transfer-Encoding: chunked
 ```
 
spec/requests/well-known/oauth_spec.rb
@@ -10,6 +10,7 @@ RSpec.describe "/.well-known/oauth-authorization-server" do
 
     specify { expect(response).to have_http_status(:ok) }
     specify { expect(response.content_type).to eql("application/json") }
+    specify { expect(response.headers['Set-Cookie']).to be_nil }
     specify { expect(json[:issuer]).to eql(root_url) }
     specify { expect(json[:authorization_endpoint]).to eql(oauth_authorizations_url) }
     specify { expect(json[:token_endpoint]).to eql(oauth_tokens_url) }