Commit 4442972b authored by Stan Hu

Disable the Sidekiq Admin Rack session

GitLab already has its own session store, so this extra Sidekiq session is
unnecessary.  In addition, the GitLab session store properly sets the Secure
flag, unlike the default Rack session.

CSRF protection in the Sidekiq /admin page continues to work with the existing
GitLab session.

See https://github.com/mperham/sidekiq/pull/3183 for more details.

Part of #49120
parent 472f2d56
---
title: Disable the Sidekiq Admin Rack session
merge_request: 21441
author:
type: security
require 'sidekiq/web'
# Disable the Sidekiq Rack session since GitLab already has its own session store.
# CSRF protection still works (https://github.com/mperham/sidekiq/commit/315504e766c4fd88a29b7772169060afc4c40329).
Sidekiq::Web.set :sessions, false
# Custom Queues configuration # Custom Queues configuration
queues_config_hash = Gitlab::Redis::Queues.params queues_config_hash = Gitlab::Redis::Queues.params
queues_config_hash[:namespace] = Gitlab::Redis::Queues::SIDEKIQ_NAMESPACE queues_config_hash[:namespace] = Gitlab::Redis::Queues::SIDEKIQ_NAMESPACE
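Review bot: the `Sidekiq::Web.set :sessions, false` line disables Sidekiq's own Rack session, so CSRF protection on the admin page now depends entirely on the GitLab session being present in the Rack env when the Sidekiq web app is mounted; this change carries no spec for that, and the claim in the commit message ("CSRF protection ... continues to work with the existing GitLab session") should be backed by a request spec that sends a state-changing POST to the mounted Sidekiq admin route once without a CSRF token (expect rejection) and once with a valid token from the GitLab session (expect success). Since the motivation is the missing Secure flag on the default Rack session cookie, the same spec should also assert that a response from the admin page sets no second session cookie beyond GitLab's own. Minor: the code comment links to a Sidekiq commit while the commit message cites https://github.com/mperham/sidekiq/pull/3183; pointing both at the PR keeps the rationale easy to find.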