| Commit message | Author | Age | Files | Lines |
|
Just prefer secrets over config
|
Allow fallback to LegacyKeyGenerator when secret_key_base is not set but secrets.secret_token is
|
- `secrets.secret_token` is now used in all places `config.secret_token` was
- `secrets.secret_token`, when not present in `config/secrets.yml`,
  now falls back to the value of `config.secret_token`
- when `secrets.secret_token` is set, it over-writes
  `config.secret_token` so they are the same (for backwards-compatibility)
- Update docs to reference app.secrets in all places
- Remove references to `config.secret_token`, `config.secret_key_base`
- Warn that missing secret_key_base is deprecated
- Add tests for secret_token, key_generator, and message_verifier
- the legacy key generator is used with the message verifier when
  secrets.secret_key_base is blank and secret_token is set
- app.key_generator raises when neither secrets.secret_key_base nor
  secret_token are set
- app.env_config raises when neither secrets.secret_key_base nor
  secret_token are set
- Add changelog

Run focused tests via

    ruby -w -Itest test/application/configuration_test.rb -n '/secret_|key_/'
|
This seems to be the style settled on in most of the templates.
|
When copying migrations some engines might depend on schema from other
engine so we can't blindly reverse all railties collection as that would
affect the order they were originally loaded. This patch helps to only
apply the order from engines specified in `railties_order`
|
You can now configure a custom digest for cookies in the same way as `serializer`:

    config.action_dispatch.cookies_digest = 'SHA256'
|
this means we can meaningfully override methods in the subclass
|
This is a convenience for loading configuration for the current Rails
environment.
|
This PR fixes #8930 and some stuff from #8985
|
Like rake tasks and runner blocks these blocks should also be shared
between applications since they are stored at the classes.
Fixes #14748
|
Fixes #14620
|
In 1.9, it doesn't live in its own file, so we'll have to define it
ourselves.
Check RUBY_VERSION, instead of rescuing the require, because we want
this to break if `psych/y` moves in a future Ruby release.
|
Cookies serializer improvements
|
MessageEncryptor has :serializer option, where any serializer object can
be passed. This commit makes it possible to set this serializer from configuration
level.
There are predefined serializers (:marshal_serializer, :json_serializer)
and a custom serializer can be passed as String, Symbol (camelized and
constantized in ActionDispatch::Session namespace) or serializer object.
Default :json_serializer was also added to generators to provide a secure
default.
|
Previously the error was:
```
RuntimeError: You must set secret_key_base in your app's config
```
Will now be:
```
RuntimeError: Missing `secret_key_base` for 'production' environment, set this value in `config/secrets.yml`
```
|
It is an application global verifier that can be used to generate and
verify signed messages.
See the documentation of ActiveSupport::MessageVerifier for more
information.
|
Closes #11381
|
This change provides the ability to create a new application with a
configuration which can be specified.
|
The comment on the +env_config+ method is repetitive, likely to get
outdated, and provides no useful information which cannot be gleaned
from the code. I'm therefore removing it. I'm also refactoring the check
for the presence of a secret_token in the configuration.
|
This reverts commit 7098d6c9ab28931acc9562a00037567609f9e529, reversing
changes made to 9ec2e2ee91568af24e09760a6de2890b89c33f56.
This makes some tests fail /cc @wangjohn
|
Creating a class to build the default middleware stack.
|
A lot of logic for building the default middleware stack is currently
kept in Application class, but this can be encapsulated and made more
modular by being moved to its own class. Also refactored a couple of the
helper methods.
|
Railties.
The comment on the +env_config+ method is repetitive, likely to get
outdated, and provides no useful information which cannot be gleaned
from the code. I'm therefore removing it. I'm also refactoring the check
for the presence of a secret_token in the configuration.
|
A regression was introduced in 5b3bb6, generating a route from within an
engine to another engine resulted in prefixing a path with the
SCRIPT_NAME value.
The regression was caused by the fact that SCRIPT_NAME should be
appended only if it's the SCRIPT_NAME for the application, not if it's
SCRIPT_NAME from the current engine.
closes #10409
|
Automatically configure cookie-based sessions to use the best cookie jar given the app's config
|
signed cookies generated by Rails 3 to avoid invalidating them when upgrading to Rails 4
|
Check 862389c9537dbb6f65fd26c4325e07607ed437b5 for more background.
|
Check pull request #9789 for more information.
|