diff options
| author | Azul <azul@riseup.net> | 2017-03-22 10:10:16 +0100 |
|---|---|---|
| committer | Azul <azul@riseup.net> | 2017-03-22 10:10:16 +0100 |
| commit | 44f20f7c3907d500adde0edc87c90b2cd339acea (patch) | |
| tree | ae84426cb988ebee7db1d2e9da5b77f016b998df /provider_base/services | |
| parent | 4dbb2c726b7594685ed7857a3f2f89d9a08f36ff (diff) | |
webapp: add secret_key_base to config
This replaces the secret_token from rails 4.1 on.
Both are used for securing cookies in the browser. The secret_key_base
will also encrypt the cookies while the token will only sign them.
Keeping the token in there for now allows us to migrate existing sessions
/ cookies to the new secrets. We can remove it in the next version once
all providers have run with secret_key_base for a while.
Diffstat (limited to 'provider_base/services')
| -rw-r--r-- | provider_base/services/webapp.json | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json index 064d5b1a..ede3bf66 100644 --- a/provider_base/services/webapp.json +++ b/provider_base/services/webapp.json @@ -23,6 +23,7 @@ "invite_required": "= provider.enrollment_policy == 'invite'", "default_service_level": "= provider.service.default_service_level", "service_levels": "= service_levels()", + "secret_key_base": "= secret :webapp_secret_key_base", "secret_token": "= secret :webapp_secret_token", "api_version": 1, "secure": false, |