author | Andrew White <pixeltrix@users.noreply.github.com> | 2018-03-14 14:56:34 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-03-14 14:56:34 +0000 |
commit | b3b193f7d65357970e72711d42db8070dcf92ce4 (patch) | |
tree | 6bc2bd16b9a43af6bb8f687f3cd4e8df8f0a5ac8 /guides/source | |
parent | ae7a57209d0a2365a6e90684e45d55b7de78101d (diff) | |
parent | c8a22bb9eef2654c87a0fdb9139d868caf482ec0 (diff) | |
Merge pull request #32250 from bogdanvlviv/add-info-about-exprity-of-siigned-cookies-to-upgrading-to-5-2
Update "Upgrading from Rails 5.1 to Rails 5.2" [ci skip]
Diffstat (limited to 'guides/source')
-rw-r--r-- | guides/source/configuring.md | 4 | ||||
-rw-r--r-- | guides/source/upgrading_ruby_on_rails.md | 10 |
2 files changed, 14 insertions, 0 deletions
diff --git a/guides/source/configuring.md b/guides/source/configuring.md index a87b8a2f48..368b74f708 100644 --- a/guides/source/configuring.md +++ b/guides/source/configuring.md @@ -502,6 +502,10 @@ Defaults to `'signed cookie'`. * `config.action_dispatch.cookies_rotations` allows rotating secrets, ciphers, and digests for encrypted and signed cookies. +* `config.action_dispatch.use_authenticated_cookie_encryption` controls whether + signed and encrypted cookies use the AES-256-GCM cipher or + the older AES-256-CBC cipher. It defaults to `true`. + * `config.action_dispatch.perform_deep_munge` configures whether `deep_munge` method should be performed on the parameters. See [Security Guide](security.html#unsafe-query-generation) for more information. It defaults to `true`. diff --git a/guides/source/upgrading_ruby_on_rails.md b/guides/source/upgrading_ruby_on_rails.md index a72bc64926..d5dfaef591 100644 --- a/guides/source/upgrading_ruby_on_rails.md +++ b/guides/source/upgrading_ruby_on_rails.md @@ -77,6 +77,16 @@ Rails 5.2 adds bootsnap gem in the [newly generated app's Gemfile](https://githu The `app:update` task sets it up in `boot.rb`. If you want to use it, then add it in the Gemfile, otherwise change the `boot.rb` to not use bootsnap. +### Expiry in signed or encrypted cookie is now embedded in the cookies values + +To improve security, Rails now embeds the expiry information also in encrypted or signed cookies value. + +This new embed information make those cookies incompatible with versions of Rails older than 5.2. + +If you require your cookies to be read by 5.1 and older, or you are still validating your 5.2 deploy and want +to allow you to rollback set +`Rails.application.config.action_dispatch.use_authenticated_cookie_encryption` to `false`. + Upgrading from Rails 5.0 to Rails 5.1 ------------------------------------- |
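Review bot: In the configuring.md hunk, the new bullet says that "signed and encrypted cookies use the AES-256-GCM cipher or the older AES-256-CBC cipher", but a signed cookie is only authenticated and not encrypted, so no cipher applies to it. Either restrict the sentence to encrypted cookies or state separately what the setting changes for signed cookies. The bullet would also be more useful if it said why GCM is the default (it is an authenticated mode), so that a reader can judge what setting the option to `false` gives up.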
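Review bot: In the upgrading_ruby_on_rails.md hunk, the section heading and the first two paragraphs are about expiry being embedded in the cookie value, yet the last paragraph gives `use_authenticated_cookie_encryption` as the rollback switch without saying how the two relate. A reader cannot tell from these lines whether setting it to `false` also stops the expiry from being embedded, or whether 5.1 can read a cookie that carries it. Please add a sentence making that connection explicit, and note that the setting is meant as a temporary compatibility measure while the 5.2 deploy is being validated. Wording nits in the same hunk: "This new embed information make" should read "This newly embedded information makes", "in the cookies values" in the heading should be "in the cookie values", and "want to allow you to rollback set" needs rephrasing, for example "want to be able to roll back, set".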