github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-02-17 00:32:45 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

DEV: revert upgrade of rack to version 2.0.8

Browse Source 
We can not upgrade rack cause it breaks Sidekiq web.

I can not find a trivial fix short of disabling sessions in Sidekiq which
is a security concern.

We need to figure out how to reuse sessions with our Rails application in
Sidekiq.

This gets extra complex cause we use a special cookie store for sessions.

9e399b42b9/lib/discourse_cookie_store.rb (L3-L21)
This commit is contained in:
Sam Saffron 2020-01-13 18:07:16 +11:00
parent 9e399b42b9
commit eb105ba79d
2 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Gemfile
View File

@ -131,6 +131,12 @@ gem 'mini_racer'
# TODO: determine why highline is being held back and upgrade to latest # TODO: determine why highline is being held back and upgrade to latest
gem 'highline', '~> 1.7.0', require: false gem 'highline', '~> 1.7.0', require: false
# TODO: Upgrading breaks Sidekiq Web
# This is a bit of a hornets nest cause in an ideal world we much prefer
# if Sidekiq reused session and CSRF mitigation with Discourse on the
# _forum_session cookie instead of a rack.session cookie
gem 'rack', '2.0.8'
gem 'rack-protection' # security gem 'rack-protection' # security
gem 'cbor', require: false gem 'cbor', require: false
gem 'cose', require: false gem 'cose', require: false

3
Gemfile.lock
View File

@ -271,7 +271,7 @@ GEM
puma (4.3.1) puma (4.3.1)
nio4r (~> 2.0) nio4r (~> 2.0)
r2 (0.2.7) r2 (0.2.7)
rack (2.1.1) rack (2.0.8)
rack-mini-profiler (1.1.4) rack-mini-profiler (1.1.4)
rack (>= 1.2.0) rack (>= 1.2.0)
rack-openid (1.3.1) rack-openid (1.3.1)
@ -511,6 +511,7 @@ DEPENDENCIES
pry-rails pry-rails
puma puma
r2 r2
rack (= 2.0.8)
rack-mini-profiler rack-mini-profiler
rack-protection rack-protection
rails_multisite rails_multisite