path: root/railties/lib/rails/application/configuration.rb
author: Michael Coyne <mikeycgto@gmail.com> 2017-02-23 13:54:17 -0500
committer: Michael Coyne <mikeycgto@gmail.com> 2017-05-22 08:50:36 +0000
commit: 5a3ba63d9abad86b7f6dd36a92cfaf722e52760b
tree: 523981cf2bfddf5941218a463a8b19544c28db65 /railties/lib/rails/application/configuration.rb
parent: 7a2041335f2a5f86179e303fa84a4653f58e1620
AEAD encrypted cookies and sessions

This commit changes encrypted cookies from AES in CBC HMAC mode to Authenticated Encryption using AES-GCM. It also provides a cookie jar to transparently upgrade encrypted cookies to this new scheme. Some other notable changes include:

- There is a new application configuration value: +use_authenticated_cookie_encryption+. When enabled, AEAD encrypted cookies will be used.

- +cookies.signed+ does not raise a +TypeError+ now if the name of an encrypted cookie is used. Encrypted cookies using the same key as signed cookies would be verified and serialization would then fail due to the message still being encrypted.

Diffstat (limited to 'railties/lib/rails/application/configuration.rb')
-rw-r--r-- railties/lib/rails/application/configuration.rb 4
1 files changed, 4 insertions, 0 deletions
diff --git a/railties/lib/rails/application/configuration.rb b/railties/lib/rails/application/configuration.rb
index 4dc9a431f6..4ffde6198a 100644
--- a/railties/lib/rails/application/configuration.rb
+++ b/railties/lib/rails/application/configuration.rb
@@ -88,6 +88,10 @@ module Rails
active_record.cache_versioning = true
end
+ if respond_to?(:action_dispatch)
+ action_dispatch.use_authenticated_cookie_encryption = true
+ end
+
else
raise "Unknown version #{target_version.to_s.inspect}"
end
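
Review bot: The added `action_dispatch.use_authenticated_cookie_encryption = true` switches on AES-GCM cookies for every application that adopts this version's defaults, but this file carries no comment or documentation about the setting or what it means for a deployment in progress. The commit message describes a cookie jar that upgrades legacy cookies to the new scheme; it does not say what an instance still running without the flag does with a cookie already rewritten in the new format, which matters during a rolling deploy or a rollback. Please document the setting where the other version defaults are documented, state the expected behaviour for mixed-version fleets, and add a railties test asserting that loading this version's defaults sets the flag and that older defaults leave it unset. Since the diff shown is limited to this one file, disregard whichever of these is already covered elsewhere in the commit.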