oauth2: Resolve memory leak in gorilla/sessions (#1374)

Closes #1363 Signed-off-by: aeneasr <aeneas@ory.sh>
ory · Apr 20, 2019 · e745aee · e745aee
1 parent d27224e
commit e745aee
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 5 deletions.
diff --git a/cmd/server/handler.go b/cmd/server/handler.go
@@ -35,9 +35,8 @@ import (
 	"github.com/ory/x/flagx"
 	"github.com/ory/x/logrusx"
 
-	"github.com/gorilla/context"
 	"github.com/julienschmidt/httprouter"
-	negronilogrus "github.com/meatballhat/negroni-logrus"
+	"github.com/meatballhat/negroni-logrus"
 	"github.com/rs/cors"
 	"github.com/spf13/cobra"
 	"github.com/urfave/negroni"
@@ -63,9 +62,9 @@ func EnhanceMiddleware(d driver.Driver, n *negroni.Negroni, address string, rout
 		d.Registry().Logger().
 			WithField("options", fmt.Sprintf("%+v", options)).
 			Infof("Enabling CORS on interface: %s", address)
-		return context.ClearHandler(cors.New(options).Handler(n))
+		return cors.New(options).Handler(n)
 	}
-	return context.ClearHandler(n)
+	return n
 }
 
 func isDSNAllowed(d driver.Driver) {

diff --git a/go.mod b/go.mod
@@ -26,7 +26,7 @@ require (
 	github.com/gorilla/context v1.1.1
 	github.com/gorilla/handlers v1.4.0 // indirect
 	github.com/gorilla/securecookie v1.1.1
-	github.com/gorilla/sessions v1.1.3
+	github.com/gorilla/sessions v1.1.4-0.20181208214519-12bd4761fc66
 	github.com/gtank/cryptopasta v0.0.0-20170601214702-1f550f6f2f69
 	github.com/hashicorp/golang-lru v0.5.1 // indirect
 	github.com/imdario/mergo v0.0.0-20171009183408-7fe0c75c13ab

diff --git a/go.sum b/go.sum
@@ -369,6 +369,8 @@ github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+
 github.com/gorilla/sessions v1.1.2/go.mod h1:8KCfur6+4Mqcc6S0FEfKuN15Vl5MgXW92AE8ovaJD0w=
 github.com/gorilla/sessions v1.1.3 h1:uXoZdcdA5XdXF3QzuSlheVRUvjl+1rKY7zBXL68L9RU=
 github.com/gorilla/sessions v1.1.3/go.mod h1:8KCfur6+4Mqcc6S0FEfKuN15Vl5MgXW92AE8ovaJD0w=
+github.com/gorilla/sessions v1.1.4-0.20181208214519-12bd4761fc66 h1:2i3OrAjARC9UWJ/mie/5liA3dOcO9hcXIe0QHQLrTQ0=
+github.com/gorilla/sessions v1.1.4-0.20181208214519-12bd4761fc66/go.mod h1:Ieo8HYsV0qN9WIJeic1HRzDxX9UY5BkplHncRmmZPwU=
 github.com/gotestyourself/gotestyourself v2.2.0+incompatible h1:AQwinXlbQR2HvPjQZOmDhRqsv5mZf+Jb1RnSLxcqZcI=
 github.com/gotestyourself/gotestyourself v2.2.0+incompatible/go.mod h1:zZKM6oeNM8k+FRljX1mnzVYeS8wiGgQyvST1/GafPbY=
 github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=