Diffstat (limited to 'actionpack/lib/action_dispatch')
-rw-r--r--actionpack/lib/action_dispatch/middleware/cookies.rb10
1 files changed, 6 insertions, 4 deletions
diff --git a/actionpack/lib/action_dispatch/middleware/cookies.rb b/actionpack/lib/action_dispatch/middleware/cookies.rb
index ff83c4beca..8d7884b3b5 100644
--- a/actionpack/lib/action_dispatch/middleware/cookies.rb
+++ b/actionpack/lib/action_dispatch/middleware/cookies.rb
@@ -567,17 +567,19 @@ module ActionDispatch
class EncryptedCookieJar < AbstractCookieJar # :nodoc:
include SerializedCookieJars
+ DEFAULT_CIPHER = 'aes-256-cbc'
- def initialize(parent_jar)
- super
+ def initialize(parent_jar, cipher: DEFAULT_CIPHER)
+ super(parent_jar)
if ActiveSupport::LegacyKeyGenerator === key_generator
raise "You didn't set secrets.secret_key_base, which is required for this cookie jar. " +
"Read the upgrade documentation to learn more about this new config option."
end
- secret = key_generator.generate_key(request.encrypted_cookie_salt || "")
- sign_secret = key_generator.generate_key(request.encrypted_signed_cookie_salt || "")
+ key_len = OpenSSL::Cipher.new(cipher).key_len
+ secret = key_generator.generate_key(request.encrypted_cookie_salt || '')[0, key_len]
+ sign_secret = key_generator.generate_key(request.encrypted_signed_cookie_salt || '')
@encryptor = ActiveSupport::MessageEncryptor.new(secret, sign_secret, digest: digest, serializer: ActiveSupport::MessageEncryptor::NullSerializer)
end
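Review bot: The new `cipher:` keyword is only used to compute `key_len`; the unchanged `ActiveSupport::MessageEncryptor.new(...)` call that closes `initialize` receives no `cipher:` option, so the encryptor keeps its own default cipher whatever the caller passed. With a cipher of a different key length, the secret would be truncated for one cipher and then used with another, which presumably fails at encryption time or silently ignores the caller's choice. I would forward it by adding `cipher: cipher` to that call's options, next to `digest: digest`. The slice `[0, key_len]` also returns a shorter string without complaint if the generator yields fewer than `key_len` bytes, so a comment such as `# derived key may be longer than the cipher accepts; keep only key_len bytes` plus a length check would make the intent explicit. `initialize` is complete in this hunk; the rest of `EncryptedCookieJar` lies outside it.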