From f37c93f3d76bcc83f20b83cfc121ff5a08d43706 Mon Sep 17 00:00:00 2001 From: Claire Date: Tue, 12 Dec 2023 13:01:08 +0100 Subject: [PATCH] Change cookie rotator to use SHA1 digest for new cookies (#27392) --- config/initializers/cookie_rotator.rb | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/config/initializers/cookie_rotator.rb b/config/initializers/cookie_rotator.rb index b829b1a90b..ccc2c6b21f 100644 --- a/config/initializers/cookie_rotator.rb +++ b/config/initializers/cookie_rotator.rb @@ -1,9 +1,6 @@ # frozen_string_literal: true -# TODO: Remove after 4.2.0 -Rails.application.configure do - config.active_support.key_generator_hash_digest_class = OpenSSL::Digest::SHA1 -end +# TODO: remove this file some time after 4.3.0 Rails.application.config.after_initialize do Rails.application.config.action_dispatch.cookies_rotations.tap do |cookies| @@ -12,9 +9,8 @@ Rails.application.config.after_initialize do secret_key_base = Rails.application.secret_key_base - # TODO: Switch to SHA1 after 4.2.0 key_generator = ActiveSupport::KeyGenerator.new( - secret_key_base, iterations: 1000, hash_digest_class: OpenSSL::Digest::SHA256 + secret_key_base, iterations: 1000, hash_digest_class: OpenSSL::Digest::SHA1 ) key_len = ActiveSupport::MessageEncryptor.key_len