DEV: revert upgrade of rack to version 2.0.8

We can not upgrade rack cause it breaks Sidekiq web. I can not find a trivial fix short of disabling sessions in Sidekiq which is a security concern. We need to figure out how to reuse sessions with our Rails application in Sidekiq. This gets extra complex cause we use a special cookie store for sessions. 9e399b42b9/lib/discourse_cookie_store.rb (L3-L21)
2024-11-22 06:28:57 +08:00 · 2020-01-13 18:07:16 +11:00 · 2020-01-13 18:07:16 +11:00 · eb105ba79d
commit eb105ba79d
parent 9e399b42b9
2 changed files with 8 additions and 1 deletions
--- a/6
+++ b/6
@ -131,6 +131,12 @@ gem 'mini_racer'
 # TODO: determine why highline is being held back and upgrade to latest
 gem 'highline', '~> 1.7.0', require: false

+# TODO: Upgrading breaks Sidekiq Web
+# This is a bit of a hornets nest cause in an ideal world we much prefer
+# if Sidekiq reused session and CSRF mitigation with Discourse on the
+# _forum_session cookie instead of a rack.session cookie
+gem 'rack', '2.0.8'
+
 gem 'rack-protection' # security
 gem 'cbor', require: false
 gem 'cose', require: false
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -271,7 +271,7 @@ GEM
    puma (4.3.1)
      nio4r (~> 2.0)
    r2 (0.2.7)
-    rack (2.1.1)
+    rack (2.0.8)
    rack-mini-profiler (1.1.4)
      rack (>= 1.2.0)
    rack-openid (1.3.1)
@ -511,6 +511,7 @@ DEPENDENCIES
  pry-rails
  puma
  r2
+  rack (= 2.0.8)
  rack-mini-profiler
  rack-protection
  rails_multisite