-rw-r--r--config/configuration.yml.example9
-rw-r--r--config/initializers/30-redmine.rb6
2 files changed, 15 insertions, 0 deletions
diff --git a/config/configuration.yml.example b/config/configuration.yml.example
index 9fefdde22..2224cd130 100644
--- a/config/configuration.yml.example
+++ b/config/configuration.yml.example
@@ -154,6 +154,15 @@ default:
#
#mirror_plugins_assets_on_startup: false
+ # Your secret key for verifying cookie session data integrity. If you
+ # change this key, all old sessions will become invalid! Make sure the
+ # secret is at least 30 characters and all random, no regular words or
+ # you'll be exposed to dictionary attacks.
+ #
+ # If you have a load-balancing Redmine cluster, you have to use the
+ # same secret token on each machine.
+ #secret_token: 'change it to a long random string'
+
# specific configuration options for production environment
# that overrides the default ones
production:
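Review bot: The sample value on the `#secret_token:` line is a publicly known string, and the initializer in config/initializers/30-redmine.rb only tests `secret.present?`, so an operator who simply uncomments the line gets a session-signing secret that anyone can read in the repository. I would ship the example empty and say how to produce a value, e.g. `#secret_token: ''` preceded by `# generate with: ruby -rsecurerandom -e 'puts SecureRandom.hex(64)'`. The comment block should also state that configuration.yml now holds a secret, so it must stay out of version control and be readable only by the account that runs Redmine. The initializer could additionally refuse the placeholder text or a value shorter than the 30 characters this comment asks for; that hunk appears to continue past the visible page.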
diff --git a/config/initializers/30-redmine.rb b/config/initializers/30-redmine.rb
index 58972b023..11a248959 100644
--- a/config/initializers/30-redmine.rb
+++ b/config/initializers/30-redmine.rb
@@ -4,6 +4,12 @@ I18n::Backend::Simple.send(:include, I18n::Backend::Fallbacks)
require 'redmine'
+# Load the secret token from the Redmine configuration file
+secret = Redmine::Configuration['secret_token']
+if secret.present?
+ RedmineApp::Application.config.secret_token = secret
+end
+
Redmine::Plugin.load
unless Redmine::Configuration['mirror_plugins_assets_on_startup'] == false
Redmine::Plugin.mirror_assets