author: Stan Hu <stanhu@gmail.com> 2018-08-30 12:35:32 -0700
committer: Stan Hu <stanhu@gmail.com> 2018-08-31 12:16:17 -0700
commit: 4442972b060593b045254668af32658382f18e6b
tree: cbde37e9b535ae35df44c9cc6d91e0fb34cde766 /config
parent: 472f2d566633df6c1dee1f703b06958b9a0a2cd8
Disable the Sidekiq Admin Rack session

GitLab already has its own session store, so this extra Sidekiq session is unnecessary. In addition, the GitLab session store properly sets the Secure flag, unlike the default Rack session.

CSRF protection in the Sidekiq /admin page continues to work with the existing GitLab session. See https://github.com/mperham/sidekiq/pull/3183 for more details.

Part of #49120

Diffstat (limited to 'config')
-rw-r--r-- config/initializers/sidekiq.rb 6
1 files changed, 6 insertions, 0 deletions
diff --git a/config/initializers/sidekiq.rb b/config/initializers/sidekiq.rb
index 6f54bee4713..476eaabfed8 100644
--- a/config/initializers/sidekiq.rb
+++ b/config/initializers/sidekiq.rb
@@ -1,3 +1,9 @@
+require 'sidekiq/web'
+
+# Disable the Sidekiq Rack session since GitLab already has its own session store.
+# CSRF protection still works (https://github.com/mperham/sidekiq/commit/315504e766c4fd88a29b7772169060afc4c40329).
+Sidekiq::Web.set :sessions, false
+
# Custom Queues configuration
queues_config_hash = Gitlab::Redis::Queues.params
queues_config_hash[:namespace] = Gitlab::Redis::Queues::SIDEKIQ_NAMESPACE
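
Review bot: The comment above `Sidekiq::Web.set :sessions, false` gives only redundancy as the reason, while the security-relevant reason from the commit message (the default Rack session does not set the Secure flag, the GitLab session store does) is missing from the code; adding that sentence to the comment would keep a later change from re-enabling the Rack session as if it were harmless. The setting also only takes effect on Sidekiq versions that contain the linked commit, so the comment could name the minimum version it depends on. A request spec against the Sidekiq admin route that asserts no `rack.session` cookie is set in the response and that a form POST carrying the GitLab CSRF token still succeeds would pin down both claims made here.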