diff options
| author | Vipul A M <vipulnsward@gmail.com> | 2019-05-12 11:11:58 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-05-12 11:11:58 -0400 |
| commit | 1efe902f33b7704d487e8414aaf9af6178523e45 (patch) | |
| tree | 6aa53da5a24c1633d039d3fc0b03935439379c32 /guides | |
| parent | 8f9f43172c9b12e363b56b2fad35f904224e9616 (diff) | |
| parent | 739aec916fc95e24d1917383d628dbfde28f1125 (diff) | |
| download | rails-1efe902f33b7704d487e8414aaf9af6178523e45.tar.gz rails-1efe902f33b7704d487e8414aaf9af6178523e45.tar.bz2 rails-1efe902f33b7704d487e8414aaf9af6178523e45.zip | |
Merge pull request #36245 from vishaltelangre/patch-4
[ci skip] Clarity about embed metadata in signed and encrypted cookie
Diffstat (limited to 'guides')
| -rw-r--r-- | guides/source/6_0_release_notes.md | 2 | ||||
| -rw-r--r-- | guides/source/upgrading_ruby_on_rails.md | 7 |
2 files changed, 5 insertions, 4 deletions
diff --git a/guides/source/6_0_release_notes.md b/guides/source/6_0_release_notes.md index 1b37bf50e1..fa45e7240d 100644 --- a/guides/source/6_0_release_notes.md +++ b/guides/source/6_0_release_notes.md @@ -245,7 +245,7 @@ Please refer to the [Changelog][action-pack] for detailed changes. * Expose `ActionController::Parameters#each_key`. ([Pull Request](https://github.com/rails/rails/pull/33758)) -* Add purpose metadata to signed/encrypted cookies to prevent copying the value of +* Add purpose and expiry metadata inside signed/encrypted cookies to prevent copying the value of cookies into one another. ([Pull Request](https://github.com/rails/rails/pull/32937)) diff --git a/guides/source/upgrading_ruby_on_rails.md b/guides/source/upgrading_ruby_on_rails.md index fee433dcfc..10a9f24c9a 100644 --- a/guides/source/upgrading_ruby_on_rails.md +++ b/guides/source/upgrading_ruby_on_rails.md @@ -85,13 +85,14 @@ Rails 6.1. You are encouraged to enable `config.force_ssl` to enforce HTTPS connections throughout your application. If you need to exempt certain endpoints from redirection, you can use `config.ssl_options` to configure that behavior. -### Purpose in signed or encrypted cookie is now embedded within cookies +### Purpose and expiry metadata is now embedded inside signed and encrypted cookies for increased security + +To improve security, Rails embeds the purpose and expiry metadata inside encrypted or signed cookies value. -To improve security, Rails embeds the purpose information in encrypted or signed cookies value. Rails can then thwart attacks that attempt to copy the signed/encrypted value of a cookie and use it as the value of another cookie. -This new embed information make those cookies incompatible with versions of Rails older than 6.0. +This new embed metadata make those cookies incompatible with versions of Rails older than 6.0. If you require your cookies to be read by Rails 5.2 and older, or you are still validating your 6.0 deploy and want to be able to rollback set |