diff options
author | Santiago Pastorino <santiago@wyeworks.com> | 2012-11-15 12:17:25 -0800 |
---|---|---|
committer | Santiago Pastorino <santiago@wyeworks.com> | 2012-11-15 12:17:25 -0800 |
commit | ef8b845de7e06077131297a398cb7f4e81d6bb08 (patch) | |
tree | b1e54d87132a561f1a5ad4b61a2eea28de4b26dc /actionpack/lib/action_controller/metal | |
parent | cf3eb6dab0e89ea6b64b9bdb24d4df3e8006da7b (diff) | |
parent | d63783983f8c03d5c624938081615579dcc753f7 (diff) | |
download | rails-ef8b845de7e06077131297a398cb7f4e81d6bb08.tar.gz rails-ef8b845de7e06077131297a398cb7f4e81d6bb08.tar.bz2 rails-ef8b845de7e06077131297a398cb7f4e81d6bb08.zip |
Merge pull request #8112 from rails/encrypted_cookies
Encrypted cookies
Diffstat (limited to 'actionpack/lib/action_controller/metal')
-rw-r--r-- | actionpack/lib/action_controller/metal/http_authentication.rb | 6 | ||||
-rw-r--r-- | actionpack/lib/action_controller/metal/request_forgery_protection.rb | 8 |
2 files changed, 7 insertions, 7 deletions
diff --git a/actionpack/lib/action_controller/metal/http_authentication.rb b/actionpack/lib/action_controller/metal/http_authentication.rb index 6d46586367..d3b5bafee1 100644 --- a/actionpack/lib/action_controller/metal/http_authentication.rb +++ b/actionpack/lib/action_controller/metal/http_authentication.rb @@ -249,9 +249,9 @@ module ActionController end def secret_token(request) - secret = request.env["action_dispatch.secret_token"] - raise "You must set config.secret_token in your app's config" if secret.blank? - secret + key_generator = request.env["action_dispatch.key_generator"] + http_auth_salt = request.env["action_dispatch.http_auth_salt"] + key_generator.generate_key(http_auth_salt) end # Uses an MD5 digest based on time to generate a value to be used only once. diff --git a/actionpack/lib/action_controller/metal/request_forgery_protection.rb b/actionpack/lib/action_controller/metal/request_forgery_protection.rb index a50f0ca8c1..265ce5d6f3 100644 --- a/actionpack/lib/action_controller/metal/request_forgery_protection.rb +++ b/actionpack/lib/action_controller/metal/request_forgery_protection.rb @@ -121,11 +121,11 @@ module ActionController #:nodoc: class NullCookieJar < ActionDispatch::Cookies::CookieJar #:nodoc: def self.build(request) - secret = request.env[ActionDispatch::Cookies::TOKEN_KEY] - host = request.host - secure = request.ssl? + key_generator = request.env[ActionDispatch::Cookies::GENERATOR_KEY] + host = request.host + secure = request.ssl? - new(secret, host, secure) + new(key_generator, host, secure) end def write(*) |