Please, add to Readme some important settings.

[isaichenko]

For rails 7.1.3

In config/application.rb:
config.action_dispatch.cookies_same_site_protection = lambda { |request|
request.path == '/users/auth/apple' ? :none : :lax
}

In controllers/application_controller.rb:
def verified_request?
controller_name == 'omniauth_callbacks' || super
end

In config/environments/production.rb:
config.assume_ssl = true
config.force_ssl = true

Without these settings the gem did not work for me.
Hope this helps others.

[kschutt]

1. Are the first 2 config changes specifically geared towards disabling CSRF protection on the Apple OAuth flow?
2. Why is the last config change needed for production?

[34code]

despite doing all the above I'm getting this error in production: ERROR -- omniauth: (apple) Authentication failure! csrf_detected: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected

[34code]

I had previously made it work with slightly different code in config/application.rb so my code doesnt have the /users/... part before as my callback url is configured differently..

config.action_dispatch.cookies_same_site_protection = lambda { |request|
      if request.path.starts_with?("/auth/apple")
        :none
      elsif request.path == '/users/auth/apple'
        :none
      else
        :lax
      end
    }