From 411fbb78a33a5dd32c4c2ce613850df24e77ba49 Mon Sep 17 00:00:00 2001
From: Javier Torres
Date: Tue, 19 Mar 2019 15:30:32 +0100
Subject: [PATCH] Add secret_key_base config
---
 NEWS.md | 3 ++-
 config/app_config.yml.sample | 2 ++
 config/initializers/secret_token.rb | 1 +
 3 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/NEWS.md b/NEWS.md
index c7b61d0744..44f60e1eb0 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -2,7 +2,8 @@ Development
 -----------
 ### NOTICES
-- None yet
+- For increased security, it's recommended to update the config to include a `secret_key_base`. You can generate a
+ suitable random key by using `bundle exec rake secret`
 ### Features
 * Visualizations backup revamp [#14698](https://github.com/CartoDB/cartodb/issues/14698)
diff --git a/config/app_config.yml.sample b/config/app_config.yml.sample
index c4347d8f13..e3f39a71fb 100644
--- a/config/app_config.yml.sample
+++ b/config/app_config.yml.sample
@@ -16,6 +16,8 @@ defaults: &defaults
 http_port: 3000 # nil|integer. HTTP port to use when building urls. Leave empty to use default (80)
 https_port: # nil|integer. HTTPS port to use when building urls. Leave empty to use default (443)
 secret_token: '71c2b25921b84a1cb21c71503ab8fb23'
+ # It's recommended to generate a new secret_key_base for each installation using `bundle exec rake secret`
+ secret_key_base: '65903fa751affcdd71a9eb09308bcb404c50c8df03414db849ea22fbe8d4aae9ff344f6594630eb9c8367b4fd8ed2211d0342a49df473dccc27ae0be120b25ab'
 account_host: 'localhost.lan:3000'
 # Here you can define other hosts different to account_host that also will be CORS enabled
 # cors_enabled_hosts:
diff --git a/config/initializers/secret_token.rb b/config/initializers/secret_token.rb
index ab0b90c925..2fb8b7b7b2 100644
--- a/config/initializers/secret_token.rb
+++ b/config/initializers/secret_token.rb
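Review bot: The `secret_key_base` line added to config/app_config.yml.sample carries a concrete key value, so every installation that copies the sample unchanged runs with a key that is public in the repository; the `secret_token` context line above it has the same problem. A key that is publicly known gives no integrity protection to whatever the application signs with it, so "It's recommended" in the added comment understates the requirement. I would ship the sample without a usable value, e.g. `secret_key_base: # REQUIRED, unique per installation: generate with bundle exec rake secret`, and reword the comment to say the key must be generated per installation and kept out of version control.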
@@ -5,3 +5,4 @@
 # Make sure the secret is at least 30 characters and all random,
 # no regular words or you'll be exposed to dictionary attacks.
 CartoDB::Application.config.secret_token = Cartodb.config[:secret_token]
+CartoDB::Application.config.secret_key_base = Cartodb.config[:secret_key_base]
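Review bot: The added assignment passes `Cartodb.config[:secret_key_base]` through unchecked, so an installation whose app_config.yml predates this commit presumably boots with a nil `secret_key_base` and gets no signal that the new key is missing. The comment above asks for at least 30 random characters, but nothing here enforces presence or length, or notices that the value was copied from app_config.yml.sample. I would add a boot-time check after the assignment, for example `raise 'secret_key_base must be a unique random value' if Cartodb.config[:secret_key_base].to_s.length < 30`, or a logged warning if a hard failure is too disruptive for existing installs. The initializer starts above this hunk, so any earlier validation is not visible here.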