method

ensure_secret_secure

rails latest stable - Class: ActionDispatch::Cookies::SignedCookieJar

ensure_secret_secure(secret)

protected

To prevent users from using something insecure like “Password” we make sure that the secret they’ve provided is at least 30 characters in length.

# File actionpack/lib/action_dispatch/middleware/cookies.rb, line 317
      def ensure_secret_secure(secret)
        if secret.blank?
          raise ArgumentError, "A secret is required to generate an " +
            "integrity hash for cookie session data. Use " +
            "config.secret_token = \"some secret phrase of at " +
            "least #{SECRET_MIN_LENGTH} characters\"" +
            "in config/initializers/secret_token.rb"
        end

        if secret.length < SECRET_MIN_LENGTH
          raise ArgumentError, "Secret should be something secure, " +
            "like \"#{SecureRandom.hex(16)}\". The value you " +
            "provided, \"#{secret}\", is shorter than the minimum length " +
            "of #{SECRET_MIN_LENGTH} characters"
        end
      end

ensure_secret_secure

Method deprecated or moved

Related methods