From eb105ba79d61604555b310ab553277df1848a78f Mon Sep 17 00:00:00 2001
From: Sam Saffron
Date: Mon, 13 Jan 2020 18:07:16 +1100
Subject: [PATCH] DEV: revert upgrade of rack to version 2.0.8

We can not upgrade rack cause it breaks Sidekiq web. I can not find a trivial fix short of disabling sessions in Sidekiq which is a security concern. We need to figure out how to reuse sessions with our Rails application in Sidekiq. This gets extra complex cause we use a special cookie store for sessions.

https://github.com/discourse/discourse/blob/9e399b42b96f115a8367c368862d62aeecfac680/lib/discourse_cookie_store.rb#L3-L21
---
 Gemfile | 6 ++++++
 Gemfile.lock | 3 ++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/Gemfile b/Gemfile
index 205de4ccbe1..1c801d8f3f7 100644
--- a/Gemfile
+++ b/Gemfile
@@ -131,6 +131,12 @@ gem 'mini_racer'
 # TODO: determine why highline is being held back and upgrade to latest
 gem 'highline', '~> 1.7.0', require: false
 
+# TODO: Upgrading breaks Sidekiq Web
+# This is a bit of a hornets nest cause in an ideal world we much prefer
+# if Sidekiq reused session and CSRF mitigation with Discourse on the
+# _forum_session cookie instead of a rack.session cookie
+gem 'rack', '2.0.8'
+
 gem 'rack-protection' # security
 gem 'cbor', require: false
 gem 'cose', require: false
diff --git a/Gemfile.lock b/Gemfile.lock
index ce471e4d66e..8f38740bd1b 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -271,7 +271,7 @@ GEM
     puma (4.3.1)
       nio4r (~> 2.0)
     r2 (0.2.7)
-    rack (2.1.1)
+    rack (2.0.8)
     rack-mini-profiler (1.1.4)
       rack (>= 1.2.0)
     rack-openid (1.3.1)
@@ -511,6 +511,7 @@ DEPENDENCIES
   pry-rails
   puma
   r2
+  rack (= 2.0.8)
   rack-mini-profiler
   rack-protection
   rails_multisite
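Review bot: The exact pin `gem 'rack', '2.0.8'` in the Gemfile hunk also locks out future 2.0.x patch releases, so a security fix published as 2.0.9 would be silently skipped by `bundle update` until someone revisits this TODO. Since the stated problem is the newer rack line breaking Sidekiq Web, a pessimistic constraint keeps the workaround while still accepting patch releases: `gem 'rack', '~> 2.0.8'` (the lockfile would then be regenerated rather than hand-edited to `rack (= 2.0.8)`). The comment above the pin should also record which version was observed to break and what must be verified before lifting it, e.g. `# TODO: rack 2.1.1 breaks Sidekiq Web; pinned to 2.0.x until Sidekiq Web can share the _forum_session store and CSRF protection instead of its own rack.session cookie`. Only 2.1.1 is visible in the lockfile as the broken version; whether 2.1.0 is affected too is not shown here, so the note should not over-claim.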