mirror of
https://github.com/discourse/discourse.git
synced 2025-09-05 08:59:27 +08:00
DEV: revert upgrade of rack to version 2.0.8
We can not upgrade rack cause it breaks Sidekiq web.
I can not find a trivial fix short of disabling sessions in Sidekiq which
is a security concern.
We need to figure out how to reuse sessions with our Rails application in
Sidekiq.
This gets extra complex cause we use a special cookie store for sessions.
9e399b42b9/lib/discourse_cookie_store.rb (L3-L21)
This commit is contained in:
Sam Saffron
parent
9e399b42b9
commit
eb105ba79d
2 changed files with 8 additions and 1 deletions
6
Gemfile
6
Gemfile
|
|
@ -131,6 +131,12 @@ gem 'mini_racer'
|
|||
# TODO: determine why highline is being held back and upgrade to latest
|
||||
gem 'highline', '~> 1.7.0', require: false
|
||||
|
||||
# TODO: Upgrading breaks Sidekiq Web
|
||||
# This is a bit of a hornets nest cause in an ideal world we much prefer
|
||||
# if Sidekiq reused session and CSRF mitigation with Discourse on the
|
||||
# _forum_session cookie instead of a rack.session cookie
|
||||
gem 'rack', '2.0.8'
|
||||
|
||||
gem 'rack-protection' # security
|
||||
gem 'cbor', require: false
|
||||
gem 'cose', require: false
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue
