aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--activesupport/CHANGELOG.md8
-rw-r--r--activesupport/lib/active_support/railtie.rb7
-rw-r--r--guides/source/caching_with_rails.md6
-rw-r--r--guides/source/configuring.md2
-rw-r--r--railties/lib/rails/application/configuration.rb1
-rw-r--r--railties/lib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults_5_2.rb.tt3
-rw-r--r--railties/test/application/configuration_test.rb20
-rw-r--r--railties/test/application/per_request_digest_cache_test.rb2
8 files changed, 32 insertions, 17 deletions
diff --git a/activesupport/CHANGELOG.md b/activesupport/CHANGELOG.md
index 8378de5061..a21a817fbb 100644
--- a/activesupport/CHANGELOG.md
+++ b/activesupport/CHANGELOG.md
@@ -7,12 +7,12 @@
*Daniel Ma*
-* Allow the hash function used to generate non-sensitive digests, such as the
- ETag header, to be specified with `config.active_support.hash_digest_class`.
+* Use SHA-1 to generate non-sensitive digests, such as the ETag header.
- The object provided must respond to `#hexdigest`, e.g. `Digest::SHA1`.
+ Enabled by default for new apps; upgrading apps can opt in by setting
+ `config.active_support.use_sha1_digests = true`.
- *Dmitri Dolguikh*
+ *Dmitri Dolguikh*, *Eugene Kenny*
## Rails 5.2.0.beta2 (November 28, 2017) ##
diff --git a/activesupport/lib/active_support/railtie.rb b/activesupport/lib/active_support/railtie.rb
index 6b8fa676a9..605b50d346 100644
--- a/activesupport/lib/active_support/railtie.rb
+++ b/activesupport/lib/active_support/railtie.rb
@@ -70,9 +70,10 @@ module ActiveSupport
end
initializer "active_support.set_hash_digest_class" do |app|
- if app.config.active_support.hash_digest_class
- ActiveSupport::Digest.hash_digest_class =
- app.config.active_support.hash_digest_class
+ config.after_initialize do
+ if app.config.active_support.use_sha1_digests
+ ActiveSupport::Digest.hash_digest_class = ::Digest::SHA1
+ end
end
end
end
diff --git a/guides/source/caching_with_rails.md b/guides/source/caching_with_rails.md
index 780e69c146..cd9f4b4a68 100644
--- a/guides/source/caching_with_rails.md
+++ b/guides/source/caching_with_rails.md
@@ -100,9 +100,9 @@ called key-based expiration.
Cache fragments will also be expired when the view fragment changes (e.g., the
HTML in the view changes). The string of characters at the end of the key is a
-template tree digest. It is an MD5 hash computed based on the contents of the
-view fragment you are caching. If you change the view fragment, the MD5 hash
-will change, expiring the existing file.
+template tree digest. It is a hash digest computed based on the contents of the
+view fragment you are caching. If you change the view fragment, the digest will
+change, expiring the existing file.
TIP: Cache stores like Memcached will automatically delete old cache files.
diff --git a/guides/source/configuring.md b/guides/source/configuring.md
index 1668f9e81a..879a1ea89f 100644
--- a/guides/source/configuring.md
+++ b/guides/source/configuring.md
@@ -672,6 +672,8 @@ There are a few configuration options available in Active Support:
* `config.active_support.time_precision` sets the precision of JSON encoded time values. Defaults to `3`.
+* `config.active_support.use_sha1_digests` specifies whether to use SHA-1 instead of MD5 to generate non-sensitive digests, such as the ETag header. Defaults to false.
+
* `ActiveSupport::Logger.silencer` is set to `false` to disable the ability to silence logging in a block. The default is `true`.
* `ActiveSupport::Cache::Store.logger` specifies the logger to use within cache store operations.
diff --git a/railties/lib/rails/application/configuration.rb b/railties/lib/rails/application/configuration.rb
index 5d8d6740c8..f02aef94e0 100644
--- a/railties/lib/rails/application/configuration.rb
+++ b/railties/lib/rails/application/configuration.rb
@@ -102,6 +102,7 @@ module Rails
if respond_to?(:active_support)
active_support.use_authenticated_message_encryption = true
+ active_support.use_sha1_digests = true
end
if respond_to?(:action_controller)
diff --git a/railties/lib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults_5_2.rb.tt b/railties/lib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults_5_2.rb.tt
index ae665b960a..b4ef455802 100644
--- a/railties/lib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults_5_2.rb.tt
+++ b/railties/lib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults_5_2.rb.tt
@@ -25,3 +25,6 @@
# Store boolean values are in sqlite3 databases as 1 and 0 instead of 't' and
# 'f' after migrating old data.
# Rails.application.config.active_record.sqlite3.represent_boolean_as_integer = true
+
+# Use SHA-1 instead of MD5 to generate non-sensitive digests, such as the ETag header.
+# Rails.application.config.active_support.use_sha1_digests = true
diff --git a/railties/test/application/configuration_test.rb b/railties/test/application/configuration_test.rb
index 437b1ded72..5f932f38db 100644
--- a/railties/test/application/configuration_test.rb
+++ b/railties/test/application/configuration_test.rb
@@ -1914,17 +1914,25 @@ module ApplicationTests
assert_equal true, ActiveSupport::MessageEncryptor.use_authenticated_message_encryption
end
- test "config.active_support.hash_digest_class is Digest::MD5 by default" do
+ test "ActiveSupport::Digest.hash_digest_class is Digest::SHA1 by default for new apps" do
+ app "development"
+
+ assert_equal Digest::SHA1, ActiveSupport::Digest.hash_digest_class
+ end
+
+ test "ActiveSupport::Digest.hash_digest_class is Digest::MD5 by default for upgraded apps" do
+ remove_from_config '.*config\.load_defaults.*\n'
+
app "development"
assert_equal Digest::MD5, ActiveSupport::Digest.hash_digest_class
end
- test "config.active_support.hash_digest_class can be configured" do
- app_file "config/environments/development.rb", <<-RUBY
- Rails.application.configure do
- config.active_support.hash_digest_class = Digest::SHA1
- end
+ test "ActiveSupport::Digest.hash_digest_class can be configured via config.active_support.use_sha1_digests" do
+ remove_from_config '.*config\.load_defaults.*\n'
+
+ app_file "config/initializers/new_framework_defaults_5_2.rb", <<-RUBY
+ Rails.application.config.active_support.use_sha1_digests = true
RUBY
app "development"
diff --git a/railties/test/application/per_request_digest_cache_test.rb b/railties/test/application/per_request_digest_cache_test.rb
index e9bc91785c..10d3313f6e 100644
--- a/railties/test/application/per_request_digest_cache_test.rb
+++ b/railties/test/application/per_request_digest_cache_test.rb
@@ -59,7 +59,7 @@ class PerRequestDigestCacheTest < ActiveSupport::TestCase
assert_equal 200, last_response.status
values = ActionView::LookupContext::DetailsKey.digest_caches.first.values
- assert_equal [ "8ba099b7749542fe765ff34a6824d548" ], values
+ assert_equal [ "effc8928d0b33535c8a21d24ec617161" ], values
assert_equal %w(david dingus), last_response.body.split.map(&:strip)
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-26 01:47:57 +0000