SECURITY WARNING - Rails Generate static_pages

Question

I'm going through the RailsTutorial and I'm stuck on the Test driven development section.

when I call

$ rails generate integration_test static_pages

    SECURITY WARNING: No secret option provided to Rack::Session::Cookie.
    This poses a security threat. It is strongly recommended that you
    provide a secret to prevent exploits that may be possible from crafted
    cookies. This will not be supported in future versions of Rack, and
    future versions will even invalidate your existing user cookies.

    Called from: /Users/Marcus/.rvm/gems/ruby-1.9.3-p448@rails3tutorial2ndEd/gems/actionpack-3.2.3/lib/action_dispatch/middleware/session/abstract_store.rb:28:in `initialize'.

I have received a similar error when I run

$ rails server


Marcuss-MacBook-Pro-2:public Marcus$ rails s
=> Booting WEBrick
=> Rails 3.2.3 application starting in development on http://0.0.0.0:3000
=> Call with -d to detach
=> Ctrl-C to shutdown server
    SECURITY WARNING: No secret option provided to Rack::Session::Cookie.
    This poses a security threat. It is strongly recommended that you
    provide a secret to prevent exploits that may be possible from crafted
    cookies. This will not be supported in future versions of Rack, and
    future versions will even invalidate your existing user cookies.

    Called from: /Users/Marcus/.rvm/gems/ruby-1.9.3-p448@rails3tutorial2ndEd/gems/actionpack-3.2.3/lib/action_dispatch/middleware/session/abstract_store.rb:28:in `initialize'.

The server will run, but this error occurs. Does anyone know how to solve this issue?

Thanks - let me know if you need any more information.

loot at http://stackoverflow.com/questions/10374871/no-secret-option-provided-to-racksessioncookie-warning?rq=1 — Baldrick, Nov 07 '13 at 07:58
There are already two questions about this on SO, please use the search feature first before posting a question. They also pop up on google when searching for the first line of your error message. — pdu, Nov 07 '13 at 09:05
Everything I have read says to ignore it (including answers to this question), but I can't ignore it and keep a working program. Is there any way to get around it? — Marcus, Nov 10 '13 at 06:26
@mhsmith21: you should read the answers more carefully. It says to ignore it _for the time being_, because it _was_ a bug. The bug is long since fixed, so just upgrade your rails version. Accept carols10cents answer ;) — nathanvda, Nov 19 '13 at 13:05

score 5 · Accepted Answer · answered Nov 15 '13 at 02:08

It looks like you are using Rails 3.2.3. This issue was fixed in Rails 3.2.11. Upgrading Rails to the latest in the 3.2 series (currently 3.2.15) will fix this issue, as well as protect you from some serious security flaws that were fixed in versions higher than the one you're using.

score -1 · Answer 2 · answered Nov 07 '13 at 09:04

-1

This security warning was introduced in rack 1.4.2 released on rubygems.org on 6 Jan 2013. Its not going to change to your work on your app, so best to ignore it.

answered Nov 07 '13 at 09:04

Zedrian

909
9
29

SECURITY WARNING - Rails Generate static_pages

2 Answers2