github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-01-18 21:02:48 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FIX: dev subfolder session cookies (#16031)

Browse Source 
rack-mini-profiler was setting a cookie path of / which was clobbering
the session cookie path of Discourse.base_path.

Fixes some issues when local dev is unable to read or write from/to
the user session, such as during omniauth CSRF checks.
This commit is contained in:
Jeff Wong 2022-02-23 04:42:57 -10:00 committed by GitHub
parent cd6b7459a7
commit 9c50c69bd2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Gemfile.lock
View File

@ -314,7 +314,7 @@ GEM
r2 (0.2.7)
racc (1.6.0)
rack (2.2.3)
rack-mini-profiler (2.3.3)
rack-mini-profiler (2.3.4)
rack (>= 1.2.0)
rack-protection (2.2.0)
rack

4
config/initializers/006-mini_profiler.rb
View File

@ -68,6 +68,10 @@ if defined?(Rack::MiniProfiler) && defined?(Rack::MiniProfiler::Config)
Digest::MD5.hexdigest(id)
end
# Cookie path should be set to the base path so Discourse's session cookie path
# does not get clobbered.
Rack::MiniProfiler.config.cookie_path = Discourse.base_path
Rack::MiniProfiler.config.position = 'left'
Rack::MiniProfiler.config.backtrace_ignores ||= []
Rack::MiniProfiler.config.backtrace_ignores << /lib\/rack\/message_bus.rb/