author | Aaron Patterson <aaron.patterson@gmail.com> | 2016-05-05 12:47:24 -0500 |
---|---|---|
committer | Aaron Patterson <aaron.patterson@gmail.com> | 2016-05-05 12:47:47 -0500 |
commit | 7b66d2cdb80a4d6b44fa8c61d92e25fbbda1f152 (patch) | |
tree | d0cfb168d34f95191f006a51c49d67614a07bbab | |
parent | 4faf2c4e46cac2038feab722609ddaa983a54c2f (diff) | |
download | rack-7b66d2cdb80a4d6b44fa8c61d92e25fbbda1f152.tar.gz |
use sha256 for ETag generation
Make ETags great again. Switch to more secure etag generation.
-rw-r--r-- | lib/rack/etag.rb | 4 | ||||
-rw-r--r-- | test/spec_etag.rb | 4 |
2 files changed, 4 insertions, 4 deletions
diff --git a/lib/rack/etag.rb b/lib/rack/etag.rb
index 0ecc55ab..a0041062 100644
--- a/lib/rack/etag.rb
+++ b/lib/rack/etag.rb
@@ -65,10 +65,10 @@ module Rack
 body.each do |part|
 parts << part
- (digest ||= Digest::MD5.new) << part unless part.empty?
+ (digest ||= Digest::SHA256.new) << part unless part.empty?
 end
- [digest && digest.hexdigest, parts]
+ [digest && digest.hexdigest.byteslice(0, 32), parts]
 end
 end
 end
diff --git a/test/spec_etag.rb b/test/spec_etag.rb
index 03680602..10ee2bd0 100644
--- a/test/spec_etag.rb
+++ b/test/spec_etag.rb
@@ -22,13 +22,13 @@ describe Rack::ETag do
 it "set ETag if none is set if status is 200" do
 app = lambda { |env| [200, {'Content-Type' => 'text/plain'}, ["Hello, World!"]] }
 response = etag(app).call(request)
- response[1]['ETag'].must_equal "W/\"65a8e27d8879283831b664bd8b7f0ad4\""
+ response[1]['ETag'].must_equal "W/\"dffd6021bb2bd5b0af676290809ec3a5\""
 end
 it "set ETag if none is set if status is 201" do
 app = lambda { |env| [201, {'Content-Type' => 'text/plain'}, ["Hello, World!"]] }
 response = etag(app).call(request)
- response[1]['ETag'].must_equal "W/\"65a8e27d8879283831b664bd8b7f0ad4\""
+ response[1]['ETag'].must_equal "W/\"dffd6021bb2bd5b0af676290809ec3a5\""
 end
 it "set Cache-Control to 'max-age=0, private, must-revalidate' (default) if none is set" do |
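Review bot: The `32` in `digest.hexdigest.byteslice(0, 32)` (first hunk, lib/rack/etag.rb) is an unexplained magic number that discards half of the SHA-256 output, leaving a 128-bit value, presumably so the ETag keeps the length of the old MD5 hex digest. A comment on that line would record the intent, for example `# Keep the first 32 hex chars (128 bits) of the SHA-256 digest; the ETag is a cache validator, not an integrity check.` The updated spec expects a weak validator (`W/"…"`), so nothing downstream should treat this value as evidence that a body is unmodified, whatever hash produces it. Every generated ETag changes once on upgrade, so clients revalidating with an old `If-None-Match` value will receive a full response the first time, which is worth a changelog line. The enclosing method begins above the hunk, so how `digest` and `parts` are initialised is not visible here.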