diff options
author | Rafael França <rafaelmfranca@gmail.com> | 2017-10-10 10:13:57 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-10-10 10:13:57 -0400 |
commit | 86d1231302f9d993464f0156edc74eb92b517891 (patch) | |
tree | 36ddc8789347674dc4adf940583862b654723d4e /guides | |
parent | ac1ee519fa513f1c2188180e8830938c71edb48c (diff) | |
parent | 04a7b7165ad204014c5850f62c921f7291d6ba5d (diff) | |
download | rails-86d1231302f9d993464f0156edc74eb92b517891.tar.gz rails-86d1231302f9d993464f0156edc74eb92b517891.tar.bz2 rails-86d1231302f9d993464f0156edc74eb92b517891.zip |
Merge pull request #30847 from mikeycgto/signed-cookie-rotation-updates
Update security guide for signed cookie rotations
Diffstat (limited to 'guides')
-rw-r--r-- | guides/source/security.md | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/guides/source/security.md b/guides/source/security.md index bf9af88c5d..cfa777d433 100644 --- a/guides/source/security.md +++ b/guides/source/security.md @@ -169,11 +169,12 @@ you would first assign the new configuration value: Rails.application.config.action_dispatch.signed_cookie_digest = "SHA256" ``` -Then you'd set up a rotation with the old configuration to keep it alive. +Now add a rotation for the old SHA1 digest so existing cookies are +seamlessly upgraded to the new SHA256 digest. ```ruby Rails.application.config.action_dispatch.cookies_rotations.tap do |cookies| - cookies.rotate :signed, digest: "SHA256" + cookies.rotate :signed, digest: "SHA1" end ``` |