Update 30_apple.mdx (#1800)

* Update 30_apple.mdx Add a note about the CSRF middleware exemption for the Apple OIDC webbrowser flow. * chore: text --------- Co-authored-by: vinckr <vincent@ory.sh>
ory · Jul 23, 2024 · 72c1cee · 72c1cee
1 parent 81d0e36
commit 72c1cee
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/docs/kratos/social-signin/30_apple.mdx b/docs/kratos/social-signin/30_apple.mdx
@@ -93,6 +93,13 @@ Follow these steps to add Apple as a social sign-in provider to your project usi
    }
    ```
 
+:::note
+
+The provider ID for the web browser flow must be `apple`. This makes sure that the resulting callback URL will be exempt from CSRF
+middleware, as Apple uses a POST form request that does not include the CSRF cookie.
+
+:::
+
 ```mdx-code-block
    <JsonnetWarning format="Jsonnet code snippets" use="data mapping" />
 ```