fab-manager/app/controllers/sessions_controller.rb

class SessionsController < Devise::SessionsController
  #before_action :set_csrf_headers, only: [:create, :destroy]

  def new
    active_provider = AuthProvider.active
    if active_provider.providable_type != DatabaseProvider.name
      redirect_to "/users/auth/#{active_provider.strategy_name}"
    else
      super
    end
  end

  protected
  def set_csrf_headers
    cookies['XSRF-TOKEN'] = form_authenticity_token if protect_against_forgery?
  end
end