rails/actionpack/CHANGELOG.md
Michael Coyne 5a3ba63d9a AEAD encrypted cookies and sessions
This commit changes encrypted cookies from AES in CBC HMAC mode to
Authenticated Encryption using AES-GCM. It also provides a cookie jar
to transparently upgrade encrypted cookies to this new scheme. Some
other notable changes include:

- There is a new application configuration value:
  +use_authenticated_cookie_encryption+. When enabled, AEAD encrypted
  cookies will be used.

- +cookies.signed+ does not raise a +TypeError+ now if the name of an
  encrypted cookie is used. Encrypted cookies using the same key as
  signed cookies would be verified and serialization would then fail
  due to the message still being encrypted.
2017-05-22 08:50:36 +00:00

  • AEAD encrypted cookies and sessions with GCM

    Encrypted cookies now use AES-GCM which couples authentication and encryption in one faster step and produces shorter ciphertexts. Cookies encrypted using AES in CBC HMAC mode will be seamlessly upgraded when this new mode is enabled via the action_dispatch.use_authenticated_cookie_encryption configuration value.

    Michael J Coyne

  • Change the cache key format for fragments to make it easier to debug key churn. The new format is:

    views/template/action.html.erb:7a1156131a6928cb0026877f8b749ac9/projects/123
          ^template path           ^template tree digest            ^class   ^id
    

    DHH

  • Add support for recyclable cache keys with fragment caching. This uses the new versioned entries in the ActiveSupport::Cache stores and relies on the fact that Active Record has split #cache_key and #cache_version to support it.

    DHH

  • Add action_controller_api and action_controller_base load hooks to be called in ActiveSupport.on_load

    ActionController::Base and ActionController::API have differing implementations. This means that the one umbrella hook action_controller is not able to address certain situations where a method may not exist in a certain implementation.

    This is fixed by adding two new hooks so you can target ActionController::Base vs ActionController::API.

    Fixes #27013.

    Julian Nadeau

Please check 5-1-stable for previous changes.
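
The AES-GCM entry above describes a one-step authenticated mode and a transparent upgrade of CBC+HMAC cookies. The following is an added illustration of that idea using only Ruby's OpenSSL bindings; it is not Rails' own code. The keys, the cookie layouts and every method name here are assumptions made for the example.

```ruby
require "openssl"
require "base64"
# Constructed demo keys; a real application derives them from its secret.
GCM_KEY, CBC_KEY, MAC_KEY = %w[gcm cbc mac].map { |n| OpenSSL::Digest::SHA256.digest("demo #{n}") }
def pack(*parts); parts.map { |p| Base64.strict_encode64(p) }.join("--"); end
def unpack(str); str.split("--").map { |p| Base64.strict_decode64(p) }; end
def mac(body); OpenSSL::HMAC.hexdigest("SHA256", MAC_KEY, body); end

def cipher(name, mode, key, iv = nil)
  c = OpenSSL::Cipher.new(name).public_send(mode)
  c.key = key
  if iv then c.iv = iv else iv = c.random_iv end
  [c, iv]
end

def encrypt_gcm(plain) # one pass yields ciphertext plus a 16-byte tag
  c, iv = cipher("aes-256-gcm", :encrypt, GCM_KEY)
  c.auth_data = ""
  pack(c.update(plain) + c.final, iv, c.auth_tag)
end

def decrypt_gcm(value)
  ct, iv, tag = unpack(value)
  # Reject truncated tags and odd IV sizes before touching the cipher.
  raise ArgumentError, "not an AEAD cookie" unless tag && tag.bytesize == 16 && iv.bytesize == 12
  c, = cipher("aes-256-gcm", :decrypt, GCM_KEY, iv)
  c.auth_tag, c.auth_data = tag, ""
  c.update(ct) + c.final # final raises CipherError if ciphertext, IV or tag changed
end

def encrypt_legacy(plain) # two passes: CBC encrypt, then HMAC over the encoded result
  c, iv = cipher("aes-256-cbc", :encrypt, CBC_KEY)
  body = Base64.strict_encode64(pack(c.update(plain) + c.final, iv))
  "#{body}--#{mac(body)}"
end

def decrypt_legacy(value)
  body, tag = value.split("--", 2)
  # Comparing HMACs of both digests avoids leaking where they differ.
  raise ArgumentError, "bad HMAC" unless tag && mac(mac(body)) == mac(tag)
  ct, iv = unpack(Base64.strict_decode64(body))
  c, = cipher("aes-256-cbc", :decrypt, CBC_KEY, iv)
  c.update(ct) + c.final
end

# Returns [plaintext, replacement]; replacement is a GCM cookie after a legacy read.
def read_cookie(value)
  [decrypt_gcm(value), nil]
rescue ArgumentError, OpenSSL::Cipher::CipherError
  plain = decrypt_legacy(value) # raises when the legacy HMAC fails as well
  [plain, encrypt_gcm(plain)]
end
```

A caller would write the non-nil replacement back to the client, so each legacy cookie is re-encrypted the first time it is read.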