diff options
author | Rafael Mendonça França <rafael.franca@plataformatec.com.br> | 2014-11-10 20:38:46 -0200 |
---|---|---|
committer | Rafael Mendonça França <rafael.franca@plataformatec.com.br> | 2014-11-10 20:38:46 -0200 |
commit | 091652cae8465711de3c12697a93c67a9f94576c (patch) | |
tree | 545a299c44c0cd034dae0d038005276bad4a4499 /actionpack | |
parent | 82e20030d4dc022c3a25ecc82315bda553a8659d (diff) | |
parent | db5f1a46f26ed2b8359d3dde3398dd1a8ca443d4 (diff) | |
download | rails-091652cae8465711de3c12697a93c67a9f94576c.tar.gz rails-091652cae8465711de3c12697a93c67a9f94576c.tar.bz2 rails-091652cae8465711de3c12697a93c67a9f94576c.zip |
Merge pull request #16535 from bf4/patch-1
Allow fallback to LegacyKeyGenerator when secret_key_base is not set but secrets.secret_token is
Diffstat (limited to 'actionpack')
-rw-r--r-- | actionpack/lib/action_dispatch/middleware/cookies.rb | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/actionpack/lib/action_dispatch/middleware/cookies.rb b/actionpack/lib/action_dispatch/middleware/cookies.rb index 83ac62a83d..9037bf0e0a 100644 --- a/actionpack/lib/action_dispatch/middleware/cookies.rb +++ b/actionpack/lib/action_dispatch/middleware/cookies.rb @@ -120,7 +120,7 @@ module ActionDispatch # the cookie again. This is useful for creating cookies with values that the user is not supposed to change. If a signed # cookie was tampered with by the user (or a 3rd party), nil will be returned. # - # If +secrets.secret_key_base+ and +config.secret_token+ (deprecated) are both set, + # If +secrets.secret_key_base+ and +secrets.secret_token+ (deprecated) are both set, # legacy cookies signed with the old key generator will be transparently upgraded. # # This jar requires that you set a suitable secret for the verification on your app's +secrets.secret_key_base+. @@ -143,7 +143,7 @@ module ActionDispatch # Returns a jar that'll automatically encrypt cookie values before sending them to the client and will decrypt them for read. # If the cookie was tampered with by the user (or a 3rd party), nil will be returned. # - # If +secrets.secret_key_base+ and +config.secret_token+ (deprecated) are both set, + # If +secrets.secret_key_base+ and +secrets.secret_token+ (deprecated) are both set, # legacy cookies signed with the old key generator will be transparently upgraded. # # This jar requires that you set a suitable secret for the verification on your app's +secrets.secret_key_base+. @@ -479,7 +479,7 @@ module ActionDispatch end # UpgradeLegacySignedCookieJar is used instead of SignedCookieJar if - # config.secret_token and secrets.secret_key_base are both set. It reads + # secrets.secret_token and secrets.secret_key_base are both set. It reads # legacy cookies signed with the old dummy key generator and re-saves # them using the new key generator to provide a smooth upgrade path. class UpgradeLegacySignedCookieJar < SignedCookieJar #:nodoc: @@ -537,7 +537,7 @@ module ActionDispatch end # UpgradeLegacyEncryptedCookieJar is used by ActionDispatch::Session::CookieStore - # instead of EncryptedCookieJar if config.secret_token and secrets.secret_key_base + # instead of EncryptedCookieJar if secrets.secret_token and secrets.secret_key_base # are both set. It reads legacy cookies signed with the old dummy key generator and # encrypts and re-saves them using the new key generator to provide a smooth upgrade path. class UpgradeLegacyEncryptedCookieJar < EncryptedCookieJar #:nodoc: |