From a9a7a89f71c631995cdb83ca8acbf490c3e43887 Mon Sep 17 00:00:00 2001
From: Akshay Birajdar
Date: Sat, 11 Apr 2026 01:21:24 +0530
Subject: [PATCH] && will short circuit, vulnerable to potential timing attacks, use & instead (#1429)
---
 config/initializers/sidekiq.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/initializers/sidekiq.rb b/config/initializers/sidekiq.rb
index 7183382a2..1338491a4 100644
--- a/config/initializers/sidekiq.rb
+++ b/config/initializers/sidekiq.rb
@@ -5,7 +5,7 @@ if Rails.env.production?
 configured_username = ::Digest::SHA256.hexdigest(ENV.fetch("SIDEKIQ_WEB_USERNAME", "sure"))
 configured_password = ::Digest::SHA256.hexdigest(ENV.fetch("SIDEKIQ_WEB_PASSWORD", "sure"))
- ActiveSupport::SecurityUtils.secure_compare(::Digest::SHA256.hexdigest(username), configured_username) &&
+ ActiveSupport::SecurityUtils.secure_compare(::Digest::SHA256.hexdigest(username), configured_username) &
 ActiveSupport::SecurityUtils.secure_compare(::Digest::SHA256.hexdigest(password), configured_password)
 end
 end
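Review bot: The two `ENV.fetch(..., "sure")` context lines still fall back to a hard-coded username and password inside the `Rails.env.production?` branch, so a deployment that leaves `SIDEKIQ_WEB_USERNAME` / `SIDEKIQ_WEB_PASSWORD` unset compares against a value published in the repository, which is a larger exposure than the timing difference this commit closes. Dropping the defaults, `ENV.fetch("SIDEKIQ_WEB_USERNAME")` and `ENV.fetch("SIDEKIQ_WEB_PASSWORD")`, raises `KeyError` when a variable is missing instead of silently accepting the fallback. On the changed line, the bare `&` reads like a typo and is likely to be "corrected" back to `&&` by a later cleanup; a comment such as `# Deliberate non-short-circuit &: always evaluate both comparisons.` would protect it. The block these lines belong to opens above the hunk, so how `username` and `password` are supplied is not visible here.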