mirror of
https://github.com/discourse/discourse.git
synced 2024-11-22 13:09:18 +08:00
DEV: revert upgrade of rack to version 2.0.8
We can not upgrade rack cause it breaks Sidekiq web.
I can not find a trivial fix short of disabling sessions in Sidekiq which
is a security concern.
We need to figure out how to reuse sessions with our Rails application in
Sidekiq.
This gets extra complex cause we use a special cookie store for sessions.
9e399b42b9/lib/discourse_cookie_store.rb (L3-L21)
This commit is contained in:
parent
9e399b42b9
commit
eb105ba79d
6
Gemfile
6
Gemfile
|
@ -131,6 +131,12 @@ gem 'mini_racer'
|
|||
# TODO: determine why highline is being held back and upgrade to latest
|
||||
gem 'highline', '~> 1.7.0', require: false
|
||||
|
||||
# TODO: Upgrading breaks Sidekiq Web
|
||||
# This is a bit of a hornets nest cause in an ideal world we much prefer
|
||||
# if Sidekiq reused session and CSRF mitigation with Discourse on the
|
||||
# _forum_session cookie instead of a rack.session cookie
|
||||
gem 'rack', '2.0.8'
|
||||
|
||||
gem 'rack-protection' # security
|
||||
gem 'cbor', require: false
|
||||
gem 'cose', require: false
|
||||
|
|
|
@ -271,7 +271,7 @@ GEM
|
|||
puma (4.3.1)
|
||||
nio4r (~> 2.0)
|
||||
r2 (0.2.7)
|
||||
rack (2.1.1)
|
||||
rack (2.0.8)
|
||||
rack-mini-profiler (1.1.4)
|
||||
rack (>= 1.2.0)
|
||||
rack-openid (1.3.1)
|
||||
|
@ -511,6 +511,7 @@ DEPENDENCIES
|
|||
pry-rails
|
||||
puma
|
||||
r2
|
||||
rack (= 2.0.8)
|
||||
rack-mini-profiler
|
||||
rack-protection
|
||||
rails_multisite
|
||||
|
|
Loading…
Reference in New Issue
Block a user