Fix connection pool for Redis cache store

Gemfile

@@ -22,7 +22,6 @@ gem 'net-smtp', '~> 0.5.1'
 gem 'omniauth', '~> 2.1.4'
 gem 'omniauth-identity', '~> 3.1', '>= 3.1.5'
 gem 'omniauth-oauth2', '~> 1.9.0'
-gem 'omniauth-rails_csrf_protection', '~> 2.0', '>= 2.0.1'
 gem 'paper_trail', '~> 17.0.0'
 gem 'paranoia', '~> 3.1.0'
 gem 'pg', '~> 1.6.2'

config/application.rb

@@ -30,8 +30,7 @@ class Application < Rails::Application
 
     config.cache_store = :redis_cache_store, {
       url: Rails.application.config_for(:cable)['url'],
-      pool_size: ENV.fetch('RAILS_MAX_THREADS', 5).to_i,
-      pool_timeout: 5
+      pool: { size: ENV.fetch('RAILS_MAX_THREADS', 5).to_i, timeout: 5 }
     }
     config.active_job.queue_adapter = :sidekiq
 

config/initializers/devise.rb

@@ -12,6 +12,9 @@
   # ==> OmniAuth
   require_dependency Rails.root.join('config', 'initializers', 'omniauth_strategies', 'amber_oauth2.rb')
 
+  # CSRF protection (built-in solution for CVE-2015-9284)
+  OmniAuth.config.request_validation_phase = OmniAuth::AuthenticityTokenProtection.new(key: :_csrf_token)
+
   config.omniauth :amber_oauth2, Rails.application.config.x.amber_client_id,
                   Rails.application.config.x.amber_client_secret
   config.omniauth :identity, model: SofiaAccount, fields: %i[username user_id],

config/initializers/sidekiq.rb

@@ -2,14 +2,14 @@
 
 if redis_url
   Sidekiq.configure_server do |config|
-    config.redis = { 
+    config.redis = {
       url: redis_url,
       pool_timeout: 5
     }
   end
 
   Sidekiq.configure_client do |config|
-    config.redis = { 
+    config.redis = {
       url: redis_url,
       pool_timeout: 5
     }