# omniauth
match '/auth/:provider/callback', :to => 'user_sessions#create'
match '/auth/failure', :to => 'user_sessions#failure'
+ # not handled by omniauth provider -> 403 with no CORS headers.
+ get '/auth/*a', :to => 'user_sessions#cross_origin_forbidden'
# Custom logout
match '/login', :to => 'user_sessions#login'