From ccd92a342d1c858abfb868e0eaa891f0d9dfada1 Mon Sep 17 00:00:00 2001
From: Daniel Gerhardt <code@dgerhardt.net>
Date: Mon, 15 Jun 2015 12:49:54 +0200
Subject: [PATCH] Directly link sign in button on page headers with CAS login

The following formerly separate commits have been merged in:

* Adjust 'Sign in' button for GitLab's CSRF protection

  GitLab introduced CSRF protection for authentication requests in
  571ba5a7. The 'Sign in' button has been
  adjusted to send a POST request.

* Opt out of turbolinks for 'Sign in' button
---
 app/views/layouts/header/_default.html.haml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/views/layouts/header/_default.html.haml b/app/views/layouts/header/_default.html.haml
index 5456be77aab..965f4d3a2f9 100644
--- a/app/views/layouts/header/_default.html.haml
+++ b/app/views/layouts/header/_default.html.haml
@@ -53,7 +53,7 @@
           - else
             %li
               %div
-                = link_to "Sign in", new_session_path(:user, redirect_to_referer: 'yes'), class: 'btn btn-sign-in btn-success'
+                = link_to "Sign in", omniauth_authorize_path(:user, :cas3), method: :post, class: 'btn btn-sign-in btn-success', "data-no-turbolink" => "true"
 
 
       %h1.title= title
-- 
GitLab