错误“安全警告:没有提供给 Rack::Session::Cookie 的秘密选项" [英] Error 'SECURITY WARNING: No secret option provided to Rack::Session::Cookie'
问题描述
可能的重复:
没有为 Rack::Session::Cookie 警告提供秘密选项?
在创建脚手架时,我今天遇到了这个错误:
While creating scaffolding, I got this error today:
安全警告:没有提供给 Rack::Session::Cookie 的秘密选项.这构成了安全威胁.强烈建议您提供一个秘密,以防止可能通过精心制作的 cookie 进行攻击.这在 Rack 的未来版本中将不支持,未来版本甚至会使您现有的用户 cookie 失效.
SECURITY WARNING: No secret option provided to Rack::Session::Cookie. This poses a security threat. It is strongly recommended that you provide a secret to prevent exploits that may be possible from crafted cookies. This will not be supported in future versions of Rack, and future versions will even invalidate your existing user cookies.
但是key是在config/initializers/secret_token.rb中设置的.
But the key is set in config/initializers/secret_token.rb.
我应该做些什么还是这只是一个标准警告,我可以放心地忽略它,因为我已经有了钥匙?
Am I supposed to do anything or is this just a standard warning which I can safely ignore since I already have the key?
推荐答案
这是一个已知的问题,正在讨论中.这是由于升级到 Rack 1.4.2 和您的选择.根据知情人士的说法,在 Rails 更新解决方案之前,您应该忽略错误或降级到 Rack 1.4.1 ;)
This is a known issue under discussion. It is due to the upgrade to Rack 1.4.2 and your choices. Until Rails is updated with a solution, your should ignore the error or downgrade to Rack 1.4.1, according to the people that know ;)
这篇关于错误“安全警告:没有提供给 Rack::Session::Cookie 的秘密选项"的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
