summaryrefslogtreecommitdiff
path: root/provider_base
diff options
context:
space:
mode:
authorAzul <azul@riseup.net>2017-03-22 10:10:16 +0100
committerAzul <azul@riseup.net>2017-03-22 10:10:16 +0100
commit44f20f7c3907d500adde0edc87c90b2cd339acea (patch)
treeae84426cb988ebee7db1d2e9da5b77f016b998df /provider_base
parent4dbb2c726b7594685ed7857a3f2f89d9a08f36ff (diff)
webapp: add secret_key_base to config
This replaces the secret_token from rails 4.1 on. Both are used for securing cookies in the browser. The secret_key_base will also encrypt the cookies while the token will only sign them. Keeping the token in there for now allows us to migrate existing sessions / cookies to the new secrets. We can remove it in the next version once all providers have run with secret_key_base for a while.
Diffstat (limited to 'provider_base')
-rw-r--r--provider_base/services/webapp.json1
1 files changed, 1 insertions, 0 deletions
diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json
index 064d5b1a..ede3bf66 100644
--- a/provider_base/services/webapp.json
+++ b/provider_base/services/webapp.json
@@ -23,6 +23,7 @@
"invite_required": "= provider.enrollment_policy == 'invite'",
"default_service_level": "= provider.service.default_service_level",
"service_levels": "= service_levels()",
+ "secret_key_base": "= secret :webapp_secret_key_base",
"secret_token": "= secret :webapp_secret_token",
"api_version": 1,
"secure": false,