method

ensure_secret_secure

Ruby on Rails latest stable (v3.2.13) - 0 notes - Class: ActionDispatch::Cookies::SignedCookieJar

1.0.0
1.1.0
1.1.1
1.1.6
1.2.0
1.2.6
2.0.0
2.0.1
2.0.3
2.1.0
2.2.1
2.3.2
2.3.8
3.0.0 (0)
3.0.5 (0)
3.0.7 (0)
3.0.9 (-38)
3.1.0 (0)
3.2.1 (0)
3.2.3 (0)
3.2.8 (0)
3.2.13 (0)
What's this?

ensure_secret_secure(secret) protected

To prevent users from using something insecure like “Password” we make sure that the secret they’ve provided is at least 30 characters in length.

Show source

# File actionpack/lib/action_dispatch/middleware/cookies.rb, line 317
      def ensure_secret_secure(secret)
        if secret.blank?
          raise ArgumentError, "A secret is required to generate an " +
            "integrity hash for cookie session data. Use " +
            "config.secret_token = \"some secret phrase of at " +
            "least #{SECRET_MIN_LENGTH} characters\"" +
            "in config/initializers/secret_token.rb"
        end

        if secret.length < SECRET_MIN_LENGTH
          raise ArgumentError, "Secret should be something secure, " +
            "like \"#{SecureRandom.hex(16)}\". The value you " +
            "provided, \"#{secret}\", is shorter than the minimum length " +
            "of #{SECRET_MIN_LENGTH} characters"
        end
      end

ensure_secret_secure

Related methods

Flowdock - Team Inbox With Chat