In order to facilitate the transition between 2.4. and 2.5. for ActionController users, I propose here an option for base#authentic? named authorize_md5 that is set to false by default. If authorize_md5 is set to true, the server will accept both CONTENT_MD5 and X_AUTHORIZATION_CONTENT_SHA256 headers.
This feature is designed to be transparent for SHA-256 users, and to permit MD5 users to work both with MD5 and SHA-256
fwininger
commented
2 years ago
In order to facilitate the transition between 2.4. and 2.5. for ActionController users, I propose here an option for
base#authentic?namedauthorize_md5that is set tofalseby default. Ifauthorize_md5is set to true, the server will accept bothCONTENT_MD5andX_AUTHORIZATION_CONTENT_SHA256headers.This feature is designed to be transparent for SHA-256 users, and to permit MD5 users to work both with MD5 and SHA-256