author | Kasper Timm Hansen <kaspth@gmail.com> | 2018-08-12 19:02:38 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-08-12 19:02:38 +0200 |
commit | 14d3c7c2c9b89fe76a3677f99d102dd6ca729927 (patch) | |
tree | 5e3b2acdd55627088a99e91494481645e365c35e /railties/lib/rails | |
parent | ba1dab1e3b32a7c81cb9b8bdc22429f6620a3833 (diff) | |
parent | 1cda4fb5df519080032c9c0a16d3c4f8cf1f3d2c (diff) | |
Merge pull request #32937 from assain/add-purpose-to-cookies
Add Purpose Metadata to Cookies
Diffstat (limited to 'railties/lib/rails')
3 files changed, 12 insertions, 0 deletions
diff --git a/railties/lib/rails/application.rb b/railties/lib/rails/application.rb
index 31d0d65a30..99e42ebefb 100644
--- a/railties/lib/rails/application.rb
+++ b/railties/lib/rails/application.rb
@@ -267,6 +267,7 @@ module Rails
 "action_dispatch.cookies_serializer" => config.action_dispatch.cookies_serializer,
 "action_dispatch.cookies_digest" => config.action_dispatch.cookies_digest,
 "action_dispatch.cookies_rotations" => config.action_dispatch.cookies_rotations,
+ "action_dispatch.use_cookies_with_metadata" => config.action_dispatch.use_cookies_with_metadata,
 "action_dispatch.content_security_policy" => config.content_security_policy,
 "action_dispatch.content_security_policy_report_only" => config.content_security_policy_report_only,
 "action_dispatch.content_security_policy_nonce_generator" => config.content_security_policy_nonce_generator
diff --git a/railties/lib/rails/application/configuration.rb b/railties/lib/rails/application/configuration.rb
index 9c54cc1f37..9eb07219e0 100644
--- a/railties/lib/rails/application/configuration.rb
+++ b/railties/lib/rails/application/configuration.rb
@@ -120,6 +120,10 @@ module Rails
 if respond_to?(:action_view)
 action_view.default_enforce_utf8 = false
 end
+
+ if respond_to?(:action_dispatch)
+ action_dispatch.use_cookies_with_metadata = true
+ end
 else
 raise "Unknown version #{target_version.to_s.inspect}"
 end
diff --git a/railties/lib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults_6_0.rb.tt b/railties/lib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults_6_0.rb.tt
index 179b97de4a..54eb0cb1d2 100644
--- a/railties/lib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults_6_0.rb.tt
+++ b/railties/lib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults_6_0.rb.tt
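Review bot: The new `action_dispatch.use_cookies_with_metadata = true` in the 6.0 defaults branch of configuration.rb carries no comment about its compatibility cost, although the initializer template in this same commit states that the option is not backwards compatible with earlier Rails versions. An app that calls `load_defaults` for this version while older releases still serve traffic, or that later rolls back, would presumably be handed signed and encrypted cookies the older code cannot read. I would add `# Cookies written with metadata are not readable by earlier Rails versions; enable only once every instance runs 6.0.` above the assignment. The enclosing method and its version branch start and end outside the hunk.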
@@ -8,3 +8,10 @@
 # Don't force requests from old versions of IE to be UTF-8 encoded
 # Rails.application.config.action_view.default_enforce_utf8 = false
+
+# Embed purpose and expiry metadata inside signed and encrypted
+# cookies for increased security.
+#
+# This option is not backwards compatible with earlier Rails versions.
+# It's best enabled when your entire app is migrated and stable on 6.0.
+# Rails.application.config.action_dispatch.use_cookies_with_metadata = true |
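Review bot: The template comment justifies the option only with "for increased security", which gives an upgrader nothing to weigh against the compatibility warning two lines below it. As far as I understand the feature, the metadata ties a signed or encrypted value to the cookie it was issued for and carries the expiry inside the protected payload, so a value copied under another cookie name or presented after expiry is rejected; that should be confirmed against the actionpack side, which is outside this diffstat. Suggested wording: `# Embed purpose and expiry metadata inside signed and encrypted cookies, so a value cannot be reused under another cookie name or after it expires.`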