aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJohn Hawthorn <john@hawthorn.email>2019-03-22 17:53:55 -0700
committerJohn Hawthorn <john@hawthorn.email>2019-03-22 17:59:41 -0700
commitd0334b8f017eb63b37359c738860046fb4daa710 (patch)
treee887e66cb7b023103f12ee4f974d5510d3a4ef99
parent56723964ce087990ba5e17e42a29d08a935eb37b (diff)
downloadrails-d0334b8f017eb63b37359c738860046fb4daa710.tar.gz
rails-d0334b8f017eb63b37359c738860046fb4daa710.tar.bz2
rails-d0334b8f017eb63b37359c738860046fb4daa710.zip
Update comment for how secret key is calculated
This updates the comment to reflect how the secret key is generated since 4c743587ad6a31908503ab317e37d70361d49e66 Fixes #35717
-rw-r--r--railties/lib/rails/application.rb3
1 files changed, 2 insertions, 1 deletions
diff --git a/railties/lib/rails/application.rb b/railties/lib/rails/application.rb
index 6bc6c548d2..038284ebdd 100644
--- a/railties/lib/rails/application.rb
+++ b/railties/lib/rails/application.rb
@@ -409,7 +409,8 @@ module Rails
# The secret_key_base is used as the input secret to the application's key generator, which in turn
# is used to create all MessageVerifiers/MessageEncryptors, including the ones that sign and encrypt cookies.
#
- # In test and development, this is simply derived as a MD5 hash of the application's name.
+ # In development and test, this is randomly generated and stored in a
+ # temporary file in <tt>tmp/development_secret.txt</tt>.
#
# In all other environments, we look for it first in ENV["SECRET_KEY_BASE"],
# then credentials.secret_key_base, and finally secrets.secret_key_base. For most applications,