author | Michael Coyne <mikeycgto@gmail.com> | 2017-09-23 17:18:01 -0400 |
---|---|---|
committer | Michael Coyne <mikeycgto@gmail.com> | 2017-09-24 12:23:38 -0400 |
commit | 8b0af54bbe5ab8b598e980013dd53a50d819b636 (patch) | |
tree | 05c883f46d687c0483db2313185420804e13c4c7 /actionpack/lib/action_dispatch/railtie.rb | |
parent | 39f8ca64cec8667b66628e970211b4d18abbc373 (diff) | |
Add key rotation cookies middleware
Using the action_dispatch.cookies_rotations interface, key rotation is
now possible with cookies. Thus the secret_key_base, as well as salts,
ciphers, and digests, can be rotated without expiring sessions.
Diffstat (limited to 'actionpack/lib/action_dispatch/railtie.rb')
-rw-r--r-- | actionpack/lib/action_dispatch/railtie.rb | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/actionpack/lib/action_dispatch/railtie.rb b/actionpack/lib/action_dispatch/railtie.rb index 4743a7ce61..855f2ffa47 100644 --- a/actionpack/lib/action_dispatch/railtie.rb +++ b/actionpack/lib/action_dispatch/railtie.rb @@ -1,6 +1,7 @@ # frozen_string_literal: true require "action_dispatch" +require "active_support/messages/rotation_configuration" module ActionDispatch class Railtie < Rails::Railtie # :nodoc: @@ -18,6 +19,7 @@ module ActionDispatch config.action_dispatch.signed_cookie_salt = "signed cookie" config.action_dispatch.encrypted_cookie_salt = "encrypted cookie" config.action_dispatch.encrypted_signed_cookie_salt = "signed encrypted cookie" + config.action_dispatch.authenticated_encrypted_cookie_salt = "authenticated encrypted cookie" config.action_dispatch.use_authenticated_cookie_encryption = false config.action_dispatch.perform_deep_munge = true @@ -27,6 +29,8 @@ module ActionDispatch "X-Content-Type-Options" => "nosniff" } + config.action_dispatch.cookies_rotations = ActiveSupport::Messages::RotationConfiguration.new + config.eager_load_namespaces << ActionDispatch initializer "action_dispatch.configure" do |app| @@ -39,8 +43,6 @@ module ActionDispatch ActionDispatch::ExceptionWrapper.rescue_responses.merge!(config.action_dispatch.rescue_responses) ActionDispatch::ExceptionWrapper.rescue_templates.merge!(config.action_dispatch.rescue_templates) - config.action_dispatch.authenticated_encrypted_cookie_salt = "authenticated encrypted cookie" if config.action_dispatch.use_authenticated_cookie_encryption - config.action_dispatch.always_write_cookie = Rails.env.development? if config.action_dispatch.always_write_cookie.nil? ActionDispatch::Cookies::CookieJar.always_write_cookie = config.action_dispatch.always_write_cookie |
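Review bot: The salt defaults in the second hunk (`@@ -18,6 +19,7 @@`), including the now unconditional `authenticated_encrypted_cookie_salt`, have no comment explaining that these literals are fixed, publicly known key-derivation inputs rather than secrets. A reader tuning this block could otherwise treat a custom salt as a substitute for a strong `secret_key_base`. I would add above the group: `# Salts are public key-derivation labels, not secrets; confidentiality rests on secret_key_base.` and `# Changing a salt invalidates existing cookies unless the old value is registered in cookies_rotations.` The second sentence is inferred from the commit description, so confirm it against the cookies middleware; the Railtie class body starts and ends outside this hunk.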
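Review bot: The new `config.action_dispatch.cookies_rotations` default in the third hunk (`@@ -27,6 +29,8 @@`) is undocumented, and its lifetime semantics are the security-relevant part. Each rotation an application registers presumably keeps an old secret, cipher or digest accepted when cookies are read, so a retired key stays valid for as long as the entry remains. That matters most when the rotation is a response to a leaked or weak key. I would add a comment on the assignment such as `# Empty by default. Each rotation keeps an old key/cipher/digest accepted on read;` followed by `# remove entries once cookies written with them have expired.` `RotationConfiguration` is defined outside this diff, so the exact read/write behaviour should be checked there before the wording is finalised.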