
DEV: revert upgrade of rack to version 2.0.8

We can not upgrade rack cause it breaks Sidekiq web.

I can not find a trivial fix short of disabling sessions in Sidekiq which
is a security concern.

We need to figure out how to reuse sessions with our Rails application in

This gets extra complex cause we use a special cookie store for sessions.
SamSaffron committed Jan 13, 2020
1 parent 9e399b4 commit eb105ba79d61604555b310ab553277df1848a78f
Showing with 8 additions and 1 deletion.
  1. +6 −0 Gemfile
  2. +2 −1 Gemfile.lock
@@ -131,6 +131,12 @@ gem 'mini_racer'
# TODO: determine why highline is being held back and upgrade to latest
gem 'highline', '~> 1.7.0', require: false

# TODO: Upgrading breaks Sidekiq Web
# This is a bit of a hornets nest cause in an ideal world we much prefer
# if Sidekiq reused session and CSRF mitigation with Discourse on the
# _forum_session cookie instead of a rack.session cookie
gem 'rack', '2.0.8'

gem 'rack-protection' # security
gem 'cbor', require: false
gem 'cose', require: false
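Review bot: The exact pin `gem 'rack', '2.0.8'` also blocks any later 2.0.x patch release, so a rack fix on that line would not be picked up by a routine bundle update. If the Sidekiq Web breakage only starts with the 2.1 series, a pessimistic constraint such as `gem 'rack', '~> 2.0.8'` keeps the hold-back without freezing patch updates. The TODO should also say what exactly breaks in Sidekiq Web and what has to be true before the pin can be removed (for example, Sidekiq reusing the `_forum_session` cookie for sessions and CSRF mitigation, as the comment describes), ideally with a link to a tracking issue so the pin does not become permanent.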
@@ -271,7 +271,7 @@ GEM
puma (4.3.1)
nio4r (~> 2.0)
r2 (0.2.7)
rack (2.1.1)
rack (2.0.8)
rack-mini-profiler (1.1.4)
rack (>= 1.2.0)
rack-openid (1.3.1)
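Review bot: The lockfile moves rack from 2.1.1 back to 2.0.8, and nothing in the change records whether any fix that shipped only in the 2.1 series is lost by the downgrade. Before merging, check the rack changelog between these two versions and note the result in the commit message or next to the Gemfile pin. The other rack constraint visible here, `rack (>= 1.2.0)` under rack-mini-profiler, is still satisfied by 2.0.8.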
@@ -511,6 +511,7 @@ DEPENDENCIES
rack (= 2.0.8)

1 comment on commit eb105ba


SamSaffron commented on eb105ba Jan 13, 2020
