From 44f20f7c3907d500adde0edc87c90b2cd339acea Mon Sep 17 00:00:00 2001
From: Azul <azul@riseup.net>
Date: Wed, 22 Mar 2017 10:10:16 +0100
Subject: webapp: add secret_key_base to config

This replaces the secret_token from rails 4.1 on.

Both are used for securing cookies in the browser. The secret_key_base
will also encrypt the cookies while the token will only sign them.

Keeping the token in there for now allows us to migrate existing sessions
/ cookies to the new secrets. We can remove it in the next version once
all providers have run with secret_key_base for a while.
---
 provider_base/services/webapp.json | 1 +
 1 file changed, 1 insertion(+)

(limited to 'provider_base')

diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json
index 064d5b1a..ede3bf66 100644
--- a/provider_base/services/webapp.json
+++ b/provider_base/services/webapp.json
@@ -23,6 +23,7 @@
     "invite_required": "= provider.enrollment_policy == 'invite'",
     "default_service_level": "= provider.service.default_service_level",
     "service_levels": "= service_levels()",
+    "secret_key_base": "= secret :webapp_secret_key_base",
     "secret_token": "= secret :webapp_secret_token",
     "api_version": 1,
     "secure": false,
-- 
cgit v1.2.3