Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[LiveComponent] Use container.build_hash instead of kernel.secret in CacheWarmer #2451

Merged
merged 4 commits into from
Dec 24, 2024
Merged

[LiveComponent] Use container.build_hash instead of kernel.secret in CacheWarmer #2451

merged 4 commits into from
Dec 24, 2024

Conversation

dkarlovi
Copy link
Contributor

Q A
Bug fix? yes
New feature? no
Issues Fix #2419
License MIT

@carsonbot carsonbot added Bug Bug Fix Status: Needs Review Needs to be reviewed labels Dec 18, 2024
@dkarlovi dkarlovi changed the title Patch 1 fix: pass container.build_hash instead of kernel.secret to the Twig cache warmer as a reproducible naming seed Dec 18, 2024
@smnandre
Copy link
Member

Nice if this solution works for everyone!

Depending on the feedback people give, we should probably add some tests to prevent problems in the future.

@smnandre smnandre changed the title fix: pass container.build_hash instead of kernel.secret to the Twig cache warmer as a reproducible naming seed [LiveComponent] Use container.build_hash instead of kernel.secret in CacheWarmer Dec 18, 2024
@smnandre
Copy link
Member

Should we do the same for the FingerprintCalculator / Hydrator ?

(they should only be called on runtime)

@dkarlovi
Copy link
Contributor Author

dkarlovi commented Dec 18, 2024
edited
Loading

AFAIK, they are actually using the secret as intended? The secret is required for cryptography there? I might be mistaken, feel free to correct me.

Edit: correct, I've checked it and the secret usage there is indeed cryptographic and correct. I've actually reverse engineered this specific part of code in a Node app (to enable the Node app to render correct live components), it must use the secret too (the secret is shared with the Node app). It would be cool if you could specific a LiveComponent-specific secret (so, not use kernel.secret) to improve the security, but that's not something we should do in this PR. @smnandre

@dkarlovi dkarlovi mentioned this pull request Dec 19, 2024
Closed
smnandre
smnandre approved these changes Dec 20, 2024
View reviewed changes
Copy link
Member

@smnandre smnandre left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you add a line in the changelog ?

@carsonbot carsonbot added Status: Reviewed Has been reviewed by a maintainer and removed Status: Needs Review Needs to be reviewed labels Dec 20, 2024
@dkarlovi
Copy link
Contributor Author

@smnandre done.

@smnandre
Copy link
Member

Thank you @dkarlovi.

@smnandre smnandre merged commit 41a7062 into symfony:2.x Dec 24, 2024
59 checks passed
@dkarlovi dkarlovi deleted the patch-1 branch December 24, 2024 08:04
@dkarlovi
Copy link
Contributor Author

dkarlovi commented Jan 2, 2025

@smnandre IMO a bugfix release with this would be in order since it's blocking using Symfony 7.2 in specific cases completely.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nicolas-grekas nicolas-grekas nicolas-grekas left review comments

@smnandre smnandre smnandre approved these changes

Assignees
No one assigned
Labels
Bug Bug Fix Status: Reviewed Has been reviewed by a maintainer
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[LiveComponent] TemplateCacheWarmer needs non available kernel.secret to build the template map
4 participants
@dkarlovi @smnandre @nicolas-grekas @carsonbot