Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[17.09] Append fewer characters to id_secret by default for encrypting csrf tokens. #4710

Merged
merged 1 commit into from Sep 27, 2017

Conversation

Projects
None yet
3 participants
@jmchilton
Copy link
Member

commented Sep 27, 2017

Seems there is a maximum length and main hit it. It never did for job files - so this should be fine. If you have a secret that is near the maximum lenght one just needs to set per_kind_id_secret_base to something shorter than id_secret.

Append fewer characters to id_secret by default for encrypting csrf t…
…okens.

Seems there is a maximum length and main hit it. It never did for job files - so this should be fine. If you have a secret that is near the maximum lenght one just needs to set ``per_kind_id_secret_base`` to something shorter than id_secret.
@natefoo

This comment has been minimized.

Copy link
Member

commented Sep 27, 2017

This works for Main, thanks @jmchilton!

@galaxybot galaxybot added the triage label Sep 27, 2017

@natefoo natefoo added this to the 17.09 milestone Sep 27, 2017

@natefoo natefoo merged commit d41f4ce into galaxyproject:release_17.09 Sep 27, 2017

6 checks passed

api test Build finished. 292 tests run, 4 skipped, 0 failed.
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
framework test Build finished. 161 tests run, 0 skipped, 0 failed.
Details
integration test Build finished. 46 tests run, 0 skipped, 0 failed.
Details
lgtm analysis: JavaScript No alert changes
Details
toolshed test Build finished. 579 tests run, 0 skipped, 0 failed.
Details
@jmchilton

This comment has been minimized.

Copy link
Member Author

commented Sep 27, 2017

This fix fixes it for main because main had a few bits of id_secret cushion left - #4713 is a matching fix at the framework level that will work for everyone regardless of what their id_secret is.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.