Updated CHANGELOG, docs, guides and release notes.

Also added a `cookies_serializer.rb` initializer to the app template.
commit 0b86a6e950ed78822470793deddbec41c6d105f5 1 parent ecf04f1
@chancancode chancancode authored
29 actionpack/CHANGELOG.md
@@ -1,3 +1,17 @@
+* Add new config option `config.action_dispatch.cookies_serializer` for
+ specifying a serializer for the signed and encrypted cookie jars.
+
+ The possible values are:
+
+ * `:json` - serialize cookie values with `JSON`
+ * `:marshal` - serialize cookie values with `Marshal`
+ * `:hybrid` - transparently migrate existing `Marshal` cookie values to `JSON`
+
+ For new apps `:json` option is added by default and `:marshal` is used
+ when no option is specified to maintain backwards compatibility.
+
+ *Łukasz Sarnacki*, *Matt Aimonetti*, *Guillermo Iguaran*, *Godfrey Chan*, *Rafael Mendonça França*
+
* `FlashHash` now behaves like a `HashWithIndifferentAccess`.
*Guillermo Iguaran*
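Review bot: The "possible values" list in the new entry names only `:json`, `:marshal` and `:hybrid`, yet the action_controller_overview.md change in this commit still documents passing a custom serializer that responds to `load` and `dump`, and the entry removed further down listed that case too. Add a fourth bullet for a custom serializer so the CHANGELOG and the guide agree. In the closing paragraph, "For new apps `:json` option is added by default" reads better as "For new apps the `:json` option is set by default".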
@@ -20,21 +34,6 @@
*Josh Jordan*
-* Add `:serializer` option for `config.session_store :cookie_store`. This
- changes default serializer when using `:cookie_store`.
-
- It is possible to pass:
-
- * `:json` which is a secure wrapper on JSON using `JSON.parse` and
- `JSON.generate` methods with quirks mode;
- * `:marshal` which is a wrapper on Marshal;
- * serializer class with `load` and `dump` methods defined.
-
- For new apps `:json` option is added by default and :marshal is used
- when no option is specified.
-
- *Łukasz Sarnacki*, *Matt Aimonetti*
-
* Ensure that `request.filtered_parameters` is reset between calls to `process`
in `ActionController::TestCase`.
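Review bot: Nothing in this commit says what happens to the `:serializer` option of `config.session_store :cookie_store` that the removed entry documented. The release notes change treats the new `config.action_dispatch.cookies_serializer` entry as its replacement, so one sentence in the new CHANGELOG entry saying that it supersedes the `:serializer` option would spare anyone who adopted the earlier form from guessing.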
6 guides/source/4_1_release_notes.md
@@ -346,10 +346,8 @@ for detailed changes.
params "deep munging" that was used to address security vulnerability
CVE-2013-0155. ([Pull Request](https://github.com/rails/rails/pull/13188))
-* Added `:serializer` option for `config.session_store :cookie_store`. This
- changes default serializer when using
- `:cookie_store`. ([Pull Request](https://github.com/rails/rails/pull/13692))
-
+* New config option `config.action_dispatch.cookies_serializer` for specifying
+ a serializer for the signed and encrypted cookie jars. (Pull Requests [1](https://github.com/rails/rails/pull/13692), [2](https://github.com/rails/rails/pull/13945) / [More Details](upgrading_ruby_on_rails.html#cookies-serializer))
Action Mailer
-------------
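Review bot: The second added line, with "(Pull Requests [1](...), [2](...) / [More Details](...))", runs far past the wrap width of the surrounding bullets and mixes a comma and a slash as separators. Wrap it and give "More Details" its own parenthetical, following the "([Pull Request](...))" pattern of the bullet just above. The relative link `upgrading_ruby_on_rails.html#cookies-serializer` depends on the "### Cookies serializer" heading added to the upgrading guide in this commit, so the two need to stay in sync if that heading is renamed.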
19 guides/source/action_controller_overview.md
@@ -585,18 +585,23 @@ strings and deserializes them into Ruby objects on read.
You can specify what serializer to use:
```ruby
-YourApp::Application.config.cookies_serializer :json
+Rails.application.config.action_dispatch.cookies_serializer = :json
```
-The possible options are `:marshal` or `:json`. The default serializer for new
-applications is `:json`. For compatibility with old applications with existing
-cookies, `:marshal` is used when `serializer` option is not specified.
+The default serializer for new applications is `:json`. For compatibility with
+old applications with existing cookies, `:marshal` is used when `serializer`
+option is not specified.
-It is also possible to pass a custom serializer class or object that responds
-to `load` and `dump`:
+You may also set this option to `:hybrid`, in which case Rails would transparently
+deserialize existing (`Marshal`-serialized) cookies on read and re-write them in
+the `JSON` format. This is useful for migrating existing applications to the
+`:json` serializer.
+
+It is also possible to pass a custom serializer that responds to `load` and
+`dump`:
```ruby
-YourApp::Application.config.cookies_serializer MyCustomSerializer
+Rails.application.config.action_dispatch.cookies_serializer = MyCustomSerializer
```
Rendering XML and JSON data
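Review bot: The rewritten paragraph still says `:marshal` is used "when `serializer` option is not specified", but the setting shown two lines above is now `config.action_dispatch.cookies_serializer`, so the option name in the prose is stale. Suggest "when the `cookies_serializer` option is not specified". In the `:hybrid` paragraph, "Rails would transparently deserialize" should be "Rails will transparently deserialize", since this describes what happens rather than a hypothetical.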
13 guides/source/upgrading_ruby_on_rails.md
@@ -98,6 +98,19 @@ If your test helper contains a call to
is now done automatically when you `require 'test_help'`, although
leaving this line in your helper is not harmful in any way.
+### Cookies serializer
+
+Applications created before Rails 4.1 uses `Marshal` to serialize cookie values into
+the signed and encrypted cookie jars. If you want to use the new `JSON`-based format
+in your application, you can add an initializer file with the following content:
+
+ ```ruby
+ Rails.application.config.cookies_serializer :hybrid
+ ```
+
+This would transparently migrate your existing `Marshal`-serialized cookies into the
+new `JSON`-based format.
+
### Changes in JSON handling
There are a few major changes related to JSON handling in Rails 4.1.
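Review bot: The example line `Rails.application.config.cookies_serializer :hybrid` does not match the form used everywhere else in this commit. The overview guide and the new initializer template both use `Rails.application.config.action_dispatch.cookies_serializer = ...`, with the `action_dispatch` namespace and an assignment. The overview hunk even replaces the old method-call form with that one, so a reader copying this snippet gets the form the commit is moving away from. Change it to `Rails.application.config.action_dispatch.cookies_serializer = :hybrid`. Also, "Applications created before Rails 4.1 uses" should be "use". The closing sentence could state, as the overview guide does, that the migration happens when a cookie is read and re-written, so cookies that are never presented again stay in the `Marshal` format.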
3  railties/lib/rails/generators/rails/app/templates/config/initializers/cookies_serializer.rb
@@ -0,0 +1,3 @@
+# Be sure to restart your server when you modify this file.
+
+Rails.application.config.action_dispatch.cookies_serializer = :json
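Review bot: The only comment in the new initializer is the restart reminder, so nothing in the file says what `cookies_serializer` controls or which values it accepts. A short comment listing `:json`, `:marshal` and `:hybrid`, and pointing to `:hybrid` for applications that already have `Marshal`-serialized cookies, would help anyone who copies this file into an upgraded app, where the upgrading guide in this same commit recommends `:hybrid` rather than `:json`.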