diff --git a/core/authorize.php b/core/authorize.php
index fd9e2f4..5a8d704 100644
--- a/core/authorize.php
+++ b/core/authorize.php
@@ -56,6 +56,7 @@ function authorize_access_denied_page() {
  *   TRUE if the current user can run authorize.php, and FALSE if not.
  */
 function authorize_access_allowed() {
+  require_once DRUPAL_ROOT . '/core/includes/database.inc';
   require_once DRUPAL_ROOT . '/' . settings()->get('session_inc', 'core/includes/session.inc');
   drupal_session_initialize();
   return settings()->get('allow_authorize_operations', TRUE) && user_access('administer software updates');
@@ -70,7 +71,7 @@ function authorize_access_allowed() {
 require_once __DIR__ . '/includes/ajax.inc';
 
 // Prepare a minimal bootstrap.
-drupal_bootstrap(DRUPAL_BOOTSTRAP_PAGE_CACHE);
+drupal_bootstrap(DRUPAL_BOOTSTRAP_KERNEL);
 $request = \Drupal::request();
 
 // We have to enable the user and system modules, even to check access and
diff --git a/core/modules/statistics/statistics.php b/core/modules/statistics/statistics.php
index 59675f1..b27ea13 100644
--- a/core/modules/statistics/statistics.php
+++ b/core/modules/statistics/statistics.php
@@ -11,7 +11,8 @@
 // Load the Drupal bootstrap.
 require_once dirname(dirname(__DIR__)) . '/vendor/autoload.php';
 require_once dirname(dirname(__DIR__)) . '/includes/bootstrap.inc';
-drupal_bootstrap(DRUPAL_BOOTSTRAP_PAGE_CACHE);
+require_once dirname(dirname(__DIR__)) . '/includes/database.inc';
+drupal_bootstrap(DRUPAL_BOOTSTRAP_KERNEL);
 
 if (\Drupal::config('statistics.settings')->get('count_content_views')) {
   $nid = filter_input(INPUT_POST, 'nid', FILTER_VALIDATE_INT);