Preconfigured "secret" token
stbuehler opened this issue · comments
Stefan Bühler commented
Juvia::Application.config.secret_token
is supposed to be a secret token; it has to be generated for each instance configured.
Right now probably most people running juvia will use the "secret" published in this repo.
The secret should be set in a config file; in production/development it should not start without a secret, test should probably have its own default secret.
Stefan Bühler commented
Proposal to read from ENV, application.yml and then generating secret on the fly: stbuehler@20f8bce