aboutsummaryrefslogtreecommitdiffstats
path: root/railties/lib/rails
diff options
context:
space:
mode:
authorKasper Timm Hansen <kaspth@gmail.com>2018-08-12 19:02:38 +0200
committerGitHub <noreply@github.com>2018-08-12 19:02:38 +0200
commit14d3c7c2c9b89fe76a3677f99d102dd6ca729927 (patch)
tree5e3b2acdd55627088a99e91494481645e365c35e /railties/lib/rails
parentba1dab1e3b32a7c81cb9b8bdc22429f6620a3833 (diff)
parent1cda4fb5df519080032c9c0a16d3c4f8cf1f3d2c (diff)
downloadrails-14d3c7c2c9b89fe76a3677f99d102dd6ca729927.tar.gz
rails-14d3c7c2c9b89fe76a3677f99d102dd6ca729927.tar.bz2
rails-14d3c7c2c9b89fe76a3677f99d102dd6ca729927.zip
Merge pull request #32937 from assain/add-purpose-to-cookies
Add Purpose Metadata to Cookies
Diffstat (limited to 'railties/lib/rails')
-rw-r--r--railties/lib/rails/application.rb1
-rw-r--r--railties/lib/rails/application/configuration.rb4
-rw-r--r--railties/lib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults_6_0.rb.tt7
3 files changed, 12 insertions, 0 deletions
diff --git a/railties/lib/rails/application.rb b/railties/lib/rails/application.rb
index 31d0d65a30..99e42ebefb 100644
--- a/railties/lib/rails/application.rb
+++ b/railties/lib/rails/application.rb
@@ -267,6 +267,7 @@ module Rails
"action_dispatch.cookies_serializer" => config.action_dispatch.cookies_serializer,
"action_dispatch.cookies_digest" => config.action_dispatch.cookies_digest,
"action_dispatch.cookies_rotations" => config.action_dispatch.cookies_rotations,
+ "action_dispatch.use_cookies_with_metadata" => config.action_dispatch.use_cookies_with_metadata,
"action_dispatch.content_security_policy" => config.content_security_policy,
"action_dispatch.content_security_policy_report_only" => config.content_security_policy_report_only,
"action_dispatch.content_security_policy_nonce_generator" => config.content_security_policy_nonce_generator
diff --git a/railties/lib/rails/application/configuration.rb b/railties/lib/rails/application/configuration.rb
index 9c54cc1f37..9eb07219e0 100644
--- a/railties/lib/rails/application/configuration.rb
+++ b/railties/lib/rails/application/configuration.rb
@@ -120,6 +120,10 @@ module Rails
if respond_to?(:action_view)
action_view.default_enforce_utf8 = false
end
+
+ if respond_to?(:action_dispatch)
+ action_dispatch.use_cookies_with_metadata = true
+ end
else
raise "Unknown version #{target_version.to_s.inspect}"
end
diff --git a/railties/lib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults_6_0.rb.tt b/railties/lib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults_6_0.rb.tt
index 179b97de4a..54eb0cb1d2 100644
--- a/railties/lib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults_6_0.rb.tt
+++ b/railties/lib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults_6_0.rb.tt
@@ -8,3 +8,10 @@
# Don't force requests from old versions of IE to be UTF-8 encoded
# Rails.application.config.action_view.default_enforce_utf8 = false
+
+# Embed purpose and expiry metadata inside signed and encrypted
+# cookies for increased security.
+#
+# This option is not backwards compatible with earlier Rails versions.
+# It's best enabled when your entire app is migrated and stable on 6.0.
+# Rails.application.config.action_dispatch.use_cookies_with_metadata = true