Incompabtibility with rack 3/warden/devise

[tmaier]

I use devise and rack in my Rails 7.1 application, together with rack-mini-profiler.

When I upgraded to rack 3, signing in and signing out did not work anymore. (possibly due to CSRF issues).

When I removed rack-mini-profiler from my app, everything worked as expected.

Partially related: https://www.reddit.com/r/rails/comments/179etec/comment/l6tzm7q/

[suryanarayanan035]

Hello @tmaier , I tried reproducing this issue but I couldn't. So, can you provide a link for a reproducing app?

[Chucheen]

Hello @suryanarayanan035

I have the same issue. I was using rack-mini-profiler 2.0 and when i upgraded to rails 7 and rack 3.1.7 because i needed to support the partitioned cookie attribute ( CHIPS ), i was getting the following error:

2024-10-01 18:43:51 -0600 Rack app ("GET /mini-profiler-resources/includes.jsv=90a68676a0c0d704b4438ca3f27d46c4" - (::1)): #<NameError: uninitialized constant Rack::File

      rack_file = Rack::File.new(MiniProfiler.resources_root, 'Cache-Control' => "max-age=#{cache_control_value}")
                      ^^^^^^
Did you mean?  Rack::Files
               Files>

So i upgraded rack-mini-profile too to version 3.3.1 which prevented me from logging in by raising an InvalidAuthenticityToken. One thing i notice is that it's adding a [" to the session cookie and also it doesn't set the SameSite attribute to Lax, it leaves it empty. As soon as i remove the gem, it goes back to normal and uses the correct cookie name

I've tried with rack-mini-profiler versions:

• 3.3.1
• 3.1.0
• 2.3.4 <- This ones go back to the constant missing ::Rack::File error

I'm using rails 7.1, rack 3.1.7, devise 4.9