Skip to content

[LiveComponent] Use container.build_hash instead of kernel.secret in CacheWarmer#2451

Merged
smnandre merged 4 commits into
symfony:2.xfrom
dkarlovi:patch-1
Dec 24, 2024
Merged

[LiveComponent] Use container.build_hash instead of kernel.secret in CacheWarmer#2451
smnandre merged 4 commits into
symfony:2.xfrom
dkarlovi:patch-1

Conversation

@dkarlovi

@dkarlovi dkarlovi commented Dec 18, 2024

Copy link
Copy Markdown
Contributor
Q A
Bug fix? yes
New feature? no
Issues Fix #2419
License MIT

@carsonbot carsonbot added Bug Bug Fix Status: Needs Review Needs to be reviewed labels Dec 18, 2024
@dkarlovi dkarlovi changed the title Patch 1 fix: pass container.build_hash instead of kernel.secret to the Twig cache warmer as a reproducible naming seed Dec 18, 2024
@smnandre

smnandre commented Dec 18, 2024

Copy link
Copy Markdown
Member

Nice if this solution works for everyone!

Depending on the feedback people give, we should probably add some tests to prevent problems in the future.

@smnandre smnandre changed the title fix: pass container.build_hash instead of kernel.secret to the Twig cache warmer as a reproducible naming seed [LiveComponent] Use container.build_hash instead of kernel.secret in CacheWarmer Dec 18, 2024
@smnandre

smnandre commented Dec 18, 2024

Copy link
Copy Markdown
Member

Should we do the same for the FingerprintCalculator / Hydrator ?

(they should only be called on runtime)

@dkarlovi

dkarlovi commented Dec 18, 2024
edited
Loading

Copy link
Copy Markdown
Contributor Author

AFAIK, they are actually using the secret as intended? The secret is required for cryptography there? I might be mistaken, feel free to correct me.

Edit: correct, I've checked it and the secret usage there is indeed cryptographic and correct. I've actually reverse engineered this specific part of code in a Node app (to enable the Node app to render correct live components), it must use the secret too (the secret is shared with the Node app). It would be cool if you could specific a LiveComponent-specific secret (so, not use kernel.secret) to improve the security, but that's not something we should do in this PR. @smnandre

@dkarlovi dkarlovi mentioned this pull request Dec 19, 2024
Closed
smnandre
smnandre approved these changes Dec 20, 2024
View reviewed changes

@smnandre smnandre left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you add a line in the changelog ?

@carsonbot carsonbot added Status: Reviewed Has been reviewed by a maintainer and removed Status: Needs Review Needs to be reviewed labels Dec 20, 2024
@dkarlovi

dkarlovi commented Dec 20, 2024

Copy link
Copy Markdown
Contributor Author

@smnandre done.

nicolas-grekas
nicolas-grekas reviewed Dec 20, 2024
View reviewed changes
Comment thread src/LiveComponent/CHANGELOG.md Outdated
@smnandre

smnandre commented Dec 24, 2024

Copy link
Copy Markdown
Member

Thank you @dkarlovi.

@smnandre smnandre merged commit 41a7062 into symfony:2.x Dec 24, 2024
@dkarlovi dkarlovi deleted the patch-1 branch December 24, 2024 08:04
@dkarlovi

dkarlovi commented Jan 2, 2025

Copy link
Copy Markdown
Contributor Author

@smnandre IMO a bugfix release with this would be in order since it's blocking using Symfony 7.2 in specific cases completely.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nicolas-grekas nicolas-grekas nicolas-grekas left review comments

@smnandre smnandre smnandre approved these changes

Assignees

No one assigned

Labels

Bug Bug Fix Status: Reviewed Has been reviewed by a maintainer

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[LiveComponent] TemplateCacheWarmer needs non available kernel.secret to build the template map

4 participants

@dkarlovi @smnandre @nicolas-grekas @carsonbot