From 1cda4fb5df519080032c9c0a16d3c4f8cf1f3d2c Mon Sep 17 00:00:00 2001
From: Assain
Date: Sat, 19 May 2018 13:31:57 +0530
Subject: Purpose Metadata For Signed And Encrypted Cookies

Purpose metadata prevents cookie values from being copy-pasted and ensures that the cookie is used only for its originally intended purpose. The Purpose and Expiry metadata are embedded inside signed/encrypted cookies and will not be readable on previous versions of Rails. We can switch off purpose and expiry metadata embedded in signed and encrypted cookies using config.action_dispatch.use_cookies_with_metadata = false if you want your cookies to be readable on older versions of Rails.
---
 railties/lib/rails/application/configuration.rb | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'railties/lib/rails/application/configuration.rb')
diff --git a/railties/lib/rails/application/configuration.rb b/railties/lib/rails/application/configuration.rb
index 9c54cc1f37..9eb07219e0 100644
--- a/railties/lib/rails/application/configuration.rb
+++ b/railties/lib/rails/application/configuration.rb
@@ -120,6 +120,10 @@ module Rails
 if respond_to?(:action_view)
 action_view.default_enforce_utf8 = false
 end
+
+ if respond_to?(:action_dispatch)
+ action_dispatch.use_cookies_with_metadata = true
+ end
 else
 raise "Unknown version #{target_version.to_s.inspect}"
 end
-- cgit v1.2.3
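Review bot: The added `action_dispatch.use_cookies_with_metadata = true` has no comment recording the one-way compatibility the commit message describes, so a reader of this defaults branch cannot see that turning it on changes the on-the-wire cookie format. Per the description, signed/encrypted cookies written with purpose and expiry metadata are not readable on previous Rails versions, so an app that adopts these defaults and then rolls back, or runs mixed versions during a deploy, would presumably have those cookies rejected and sessions dropped. I would add above the assignment something like `# Cookies written with purpose/expiry metadata cannot be read by older Rails; keep this false until every instance is upgraded.` The enclosing method and the `when` line for this version branch are outside the hunk, and this view is limited to one file, so whether the generated framework-defaults template and the configuration guide also list the flag cannot be confirmed from here.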