diff options
author | Godfrey Chan <godfreykfc@gmail.com> | 2014-04-23 11:07:50 -0500 |
---|---|---|
committer | Godfrey Chan <godfreykfc@gmail.com> | 2014-04-23 12:32:14 -0500 |
commit | 2a412b3d6f6eef23db5874c5e33d995858bfa1e5 (patch) | |
tree | 2eb24bd456620652175c5512f7cc87462bf47160 /actionpack/lib/action_dispatch | |
parent | 650585da8ac15742b64965c338110e8e859a3b5e (diff) | |
download | rails-2a412b3d6f6eef23db5874c5e33d995858bfa1e5.tar.gz rails-2a412b3d6f6eef23db5874c5e33d995858bfa1e5.tar.bz2 rails-2a412b3d6f6eef23db5874c5e33d995858bfa1e5.zip |
Fixed an issue with migrating legacy json cookies.
Previously, the `VerifyAndUpgradeLegacySignedMessage` assumes all incoming
cookies are marshal-encoded. This is not the case when `secret_token` is
used in conjunction with the `:json` or `:hybrid` serializer.
In those case, when upgrading to use `secret_key_base`, this would cause a
`TypeError: incompatible marshal file format` and a 500 error for the user.
Fixes #14774.
*Godfrey Chan*
Diffstat (limited to 'actionpack/lib/action_dispatch')
-rw-r--r-- | actionpack/lib/action_dispatch/middleware/cookies.rb | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/actionpack/lib/action_dispatch/middleware/cookies.rb b/actionpack/lib/action_dispatch/middleware/cookies.rb index c0039fa3f5..22b16b628d 100644 --- a/actionpack/lib/action_dispatch/middleware/cookies.rb +++ b/actionpack/lib/action_dispatch/middleware/cookies.rb @@ -176,11 +176,11 @@ module ActionDispatch module VerifyAndUpgradeLegacySignedMessage def initialize(*args) super - @legacy_verifier = ActiveSupport::MessageVerifier.new(@options[:secret_token]) + @legacy_verifier = ActiveSupport::MessageVerifier.new(@options[:secret_token], serializer: NullSerializer) end def verify_and_upgrade_legacy_signed_message(name, signed_message) - @legacy_verifier.verify(signed_message).tap do |value| + deserialize(name, @legacy_verifier.verify(signed_message)).tap do |value| self[name] = { value: value } end rescue ActiveSupport::MessageVerifier::InvalidSignature |