`login_as` not working with Puma 4.3.2

wardencommunity / warden

General Rack Authentication Framework

MIT License

2.48k stars 204 forks source link

`login_as` not working with Puma 4.3.2 #183

Closed kaspernj closed 4 years ago

kaspernj commented 4 years ago

Dependabot suggested upgrading to Puma 4.3.2 because of a security fix.

It looks like after upgrading login_as has stopped working in my integration / system specs. current_user is nil in my tests at least, even though I expected a user to be present because I am using login_as. If I spin up my app in development mode everything works fine, so it is only while testing.

The description of the security fix is: Fix: Prevent HTTP Response splitting via CR/LF in header values.

jcope2013 commented 4 years ago

Upgrade to Puma 4.3.3

https://github.com/puma/puma/blob/master/History.md

kaspernj commented 4 years ago

That worked. Thanks :-)