mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
Merge pull request #33605 from assain/purpose-metadata-changelog-and-tests
Changelog and improved tests for purpose metadata added to cookies
commit
d25e65a514
2 changed files with 20 additions and 8 deletions
|
@ -1,3 +1,19 @@
|
||||||
|
* Purpose metadata for signed/encrypted cookies.
|
||||||
|
|
||||||
|
Rails can now thwart attacks that attempt to copy signed/encrypted value
|
||||||
|
of a cookie and use it as the value of another cookie.
|
||||||
|
|
||||||
|
It does so by stashing the cookie-name in the purpose field which is
|
||||||
|
then signed/encrypted along with the cookie value. Then, on a server-side
|
||||||
|
read, we verify the cookie-names and discard any attacked cookies.
|
||||||
|
|
||||||
|
Enable `action_dispatch.use_cookies_with_metadata` to use this feature, which
|
||||||
|
writes cookies with the new purpose and expiry metadata embedded.
|
||||||
|
|
||||||
|
Pull Request: #32937
|
||||||
|
|
||||||
|
*Assain Jaleel*
|
||||||
|
|
||||||
* Raises `ActionController::RespondToMismatchError` with confliciting `respond_to` invocations.
|
* Raises `ActionController::RespondToMismatchError` with confliciting `respond_to` invocations.
|
||||||
|
|
||||||
`respond_to` can match multiple types and lead to undefined behavior when
|
`respond_to` can match multiple types and lead to undefined behavior when
|
||||||
|
|
|
@ -1405,8 +1405,7 @@ class CookiesTest < ActionController::TestCase
|
||||||
|
|
||||||
assert_equal "5-2-Stable Chocolate Cookies", cookies.encrypted[:favorite]
|
assert_equal "5-2-Stable Chocolate Cookies", cookies.encrypted[:favorite]
|
||||||
|
|
||||||
freeze_time do
|
travel 1001.years do
|
||||||
travel 1001.years
|
|
||||||
assert_nil cookies.encrypted[:favorite]
|
assert_nil cookies.encrypted[:favorite]
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -1422,8 +1421,7 @@ class CookiesTest < ActionController::TestCase
|
||||||
|
|
||||||
assert_equal "5-2-Stable Choco Chip Cookie", cookies.signed[:favorite]
|
assert_equal "5-2-Stable Choco Chip Cookie", cookies.signed[:favorite]
|
||||||
|
|
||||||
freeze_time do
|
travel 1001.years do
|
||||||
travel 1001.years
|
|
||||||
assert_nil cookies.signed[:favorite]
|
assert_nil cookies.signed[:favorite]
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -1439,8 +1437,7 @@ class CookiesTest < ActionController::TestCase
|
||||||
|
|
||||||
assert_equal "5-2-Stable Chocolate Cookies", cookies.encrypted[:favorite]
|
assert_equal "5-2-Stable Chocolate Cookies", cookies.encrypted[:favorite]
|
||||||
|
|
||||||
freeze_time do
|
travel 1001.years do
|
||||||
travel 1001.years
|
|
||||||
assert_nil cookies.encrypted[:favorite]
|
assert_nil cookies.encrypted[:favorite]
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -1456,8 +1453,7 @@ class CookiesTest < ActionController::TestCase
|
||||||
|
|
||||||
assert_equal "5-2-Stable Choco Chip Cookie", cookies.signed[:favorite]
|
assert_equal "5-2-Stable Choco Chip Cookie", cookies.signed[:favorite]
|
||||||
|
|
||||||
freeze_time do
|
travel 1001.years do
|
||||||
travel 1001.years
|
|
||||||
assert_nil cookies.signed[:favorite]
|
assert_nil cookies.signed[:favorite]
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
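Review bot: The `travel 1001.years do` block in each of the four CookiesTest hunks checks expiry only at a point far past it, so an error in how the embedded expiry is compared near the boundary would still pass. The expiry these cookies are written with is set outside the hunks (presumably 1000 years, given the 1001-year jump). Naming it once, e.g. `expiry = 1000.years`, then asserting the value is still returned inside `travel expiry - 1.second do` and is nil inside `travel expiry + 1.second do`, would pin the boundary for both `cookies.signed` and `cookies.encrypted`. At minimum, a comment such as `# one year past the expiry written above` would explain the constant. The enclosing test methods start and end outside the hunks.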