新手问题 Rails 环境搭建，提示安全警告

Unknow user · January 08, 2013 · Last by lnliuxu replied at May 31, 2015 · 5618 hits

照着教程搭建了 Rails 的环境，能够正常运行，但是会但一个警告，如下： SECURITY WARNING: No secret option provided to Rack::Session::Cookie. This poses a security threat. It is strongly recommended that you provide a secret to prevent exploits that may be possible from crafted cookies. This will not be supported in future versions of Rack, and future versions will even invalidate your existing user cookies.

Called from: /home/soledad/.rvm/gems/ruby-1.9.3-p362/gems/actionpack-3.2.10/lib/action_dispatch/middleware/session/abstract_store.rb:28:in `initialize'.

服务器是正常允许的，rails 是 3.2.10 版本，想请教一下，是不是配置有些什么问题？

1 likes

ericguo #1 January 08, 2013

stackoverflow已经有讨论，无需修正，或者硬要修的话，修改/home/soledad/.rvm/gems/ruby-1.9.3-p327/gems/actionpack-3.2.10/lib/action_dispatch/middleware/session 目录下的 abstract_store.rb，插一行即可：

module Compatibility
  def initialize(app, options = {})
    options[:key] ||= '_session_id'
    options[:secret] ||= Rails.application.config.secret_token # insert this line, only a temp solution
    super
  end

2 likes

Unknow user #2 January 08, 2013

非常感谢

lonely21475 #3 January 04, 2014

正好遇到这个问题，收下了，哈哈

Unknow user #4 May 31, 2015

才遇到。。。惭愧啊新手

You need to Sign in before reply, if you don't have an account, please Sign up first.