Dotan, Thank you a lot of much!!!
Yours answer has helped me to fix the old bug in one of my old project
(written on Mojolicious::Lite)!
I've been got this warning ("passphrase needs to be changed") in this case:
plugin( Mount => { '/adm' => $Bin . '/admin.pl' } );
app->secrets($cfg->{secret});
app->sessions->default_expiration($cfg->{session_exp});
But after this changes:
app->secrets($cfg->{secret});
app->sessions->default_expiration($cfg->{session_exp});
plugin( Mount => { '/adm' => $Bin . '/admin.pl' } );
Warning is disappeared
Also I think that in the case of James Bearden the same thing
четверг, 30 июня 2016 г., 21:19:59 UTC+3 пользователь Dotan Dimet написал:
>
> Hi James,
>
> You are getting the warning because something is calling secrets on a
> Mojolicious instance (presumably, your app) before you initialize it with
> the correct value in your startup method. The log message about changing
> your passphrase is in the default initializer of secrets in Mojolicious.pm.
>
> Usually, you get that message if you don't initialize secrets only on the
> first request to your app (not on server startup).
>
> So presumably something in your code is calling it before the line in your
> startup method. Since the section of the startup method you shared looks
> rather innocuous, I'd guess it might be something in a module run on "use".
>
> Hope this is helpful,
> Dotan
>
>
> On 28/06/16 18:15, James Bearden wrote:
>
>
> I do use "NeoCaddy" in both places and haven't touch those parts of the
> code for a long time. I only started getting the warning when I upgraded to
> a newer version of mojolicious (6.15). I used MyApp in the original post
> basically for giggles.
>
> So at this point it seems as though nobody can really tell my why I am
> getting the warning, so when I have some free time I will dig into it more
> and post back if I find anything. Thanks everybody for the effort.
>
> James
>
> On Tuesday, June 28, 2016 at 9:45:08 AM UTC-5, Stefan Adams wrote:
>>
>>
>> On Tue, Jun 28, 2016 at 8:23 AM, James Bearden <[email protected]>
>> wrote:
>>
>>> It does match. The name of my app is NeoCaddy, and here is the top of
>>> the associated package:
>>
>>
>> FWIW, this does not produce the unwanted behavior of "Your secret
>> passphrase needs to be changed":
>>
>> $ cat /tmp/secrets.pl
>> use Mojolicious::Commands;
>>
>> # Start command line interface for application
>> Mojolicious::Commands->start_app('NeoCaddy');
>>
>> package NeoCaddy;
>> use Mojo::Base 'Mojolicious';
>>
>> sub startup {
>> my $Self = shift;
>>
>> # Set name for the mojolicious cookie. Maximum cookie size is 4096
>> bytes.
>> $Self->sessions->cookie_name('MyApp');
>>
>> # Key to encode client cookie, which stores some session information.
>>
>> $Self->secrets(['uBLR8eIgsIQ7MmZ0nfyd5UOdd48VlnUGrjYyS9regRX72qEO2b0UlQ738a',
>> '30J0SEIIF3UQzLYZNrgD2sh9Zm3DgYjzaN9RRmi8k1Gs0SBNk7tzd2dPg']);
>>
>> *$Self->routes->get('/')->to(cb=>sub{shift->render(text => scalar
>> localtime)});*
>> }
>>
>> $ perl /tmp/secrets.pl daemon
>> [Tue Jun 28 09:39:37 2016] [info] Listening at *MailScanner has detected
>> a possible fraud attempt from "*:3000" claiming to be* "http://*:3000";
>> <http://*:3000>
>> Server available at *MailScanner warning: numerical links are often
>> malicious:* http://127.0.0.1:3000 <http://127.0.0.1:3000>
>> ^C
>>
>> $ perl /tmp/secrets.pl get /
>> [Tue Jun 28 09:39:41 2016] [debug] GET "/"
>> [Tue Jun 28 09:39:41 2016] [debug] Routing to a callback
>> [Tue Jun 28 09:39:41 2016] [debug] 200 OK (0.000403s, 2481.390/s)
>> *Tue Jun 28 09:39:41 2016*
>>
>> Note in your original post you stated "I use
>> "Mojolicious::Commands->start_app('*MyApp*')" in a script to start my
>> server" but I used "Mojolicious::Commands->start_app('*NeoCaddy*')"
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Mojolicious" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected] <javascript:>.
> To post to this group, send email to [email protected]
> <javascript:>.
> Visit this group at https://groups.google.com/group/mojolicious.
> For more options, visit https://groups.google.com/d/optout.
>
>
>
> --
> This message has been scanned for viruses and
> dangerous content by *MailScanner* <http://www.mailscanner.info/>, and is
> believed to be clean.
>
--
You received this message because you are subscribed to the Google Groups
"Mojolicious" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/group/mojolicious.
For more options, visit https://groups.google.com/d/optout.
