Heroku/Sidekiq error when kill/retry job - 403 Forbidden - Attack prevented
I use Sidekiq on my Heroku app, and when I try to kill or retry a job, I get a 403 Forbidden page with this error:
WARN -- : attack prevented by Rack::Protection::HttpOrigin
My heroku app: http://myapp.herokuapp.com
My domain name where it does not work: https://www.myapp.my
In the Sidekiq documentation, I found this fix for the error, to be added to routes.rb, but it does not help:
Sidekiq::Web.set :session_secret, Rails.application.secrets[:secret_key_base]
My session_store.rb file:
Rails.application.config.session_store :cookie_store, key: '_myapp_session'
I guess there is an issue with SSL. I found this solution for nginx.conf, but how do I set it up on Heroku to test whether it helps?
proxy_set_header X-Forwarded-Host 'my-host.com';
proxy_set_header X-Forwarded-Proto $scheme;
Or is there any other way to solve the 403 Forbidden?
Edit: My routes
require 'sidekiq/web'
authenticate :admin do
  mount Sidekiq::Web => '/sidekiq'
end
It works on localhost but not in production.
Edit #2: If I switch off https and serve my app over http, it works. So how do I tell my app/Sidekiq to use https?
proxy_set_header X-Forwarded-Proto $scheme;
This will tell your application that the original request came in
using https even though the request from nginx to unicorn is http.
But how do I do it on Heroku?
ruby-on-rails nginx heroku
edited Nov 23 '17 at 0:08
asked Nov 22 '17 at 5:38
Dudis
How are you sending the command to stop/retry a job? I suspect that the issue is not related to SSL, but to the csrf_authenticity token not being passed
– mabe02
Nov 22 '17 at 22:11
I am sending it through the UI at myapp.my/sidekiq. On localhost, it works without any issue
– Dudis
Nov 22 '17 at 23:25
I edited the comment. It's due to the https redirection. With http:// it does work. How do I tell Sidekiq to use https?
– Dudis
Nov 23 '17 at 0:08
Did you also try the second option suggested by github.com/mperham/sidekiq/wiki/Monitoring#forbidden? `Sidekiq::Web.use(::Rack::Protection, { use: :authenticity_token, logging: true, message: "Didn't work!" })`
– mabe02
Nov 23 '17 at 7:16
You can have a look at www.sourcediver.org/blog/2015/07/01/rack-protection-and-nginx/ referred in an issue on the GitHub source github.com/mperham/sidekiq/issues/2560
– mabe02
Nov 23 '17 at 7:19
1 Answer
I've faced the same problem on Heroku.
Solution for custom domains:
You need to force SSL for your Rails app in the config file, because a Heroku app uses the https scheme by default for the app URL. If you do not force it, it will use different schemes when forwarding requests.
config/environments/production.rb
# Force ssl
config.force_ssl = true
- If you are using free dynos on Heroku, you cannot use the SSL feature, and you should use the Heroku app URL to access the Sidekiq web UI:
https://your-app.herokuapp.com/sidekiq
edited Nov 23 '18 at 11:25
answered Nov 23 '18 at 11:16
Ismail Akbudak
Oh it works! I use free dynos, so accessing the app on the herokuapp domain is a good enough solution. Thanks!
– Dudis
21 hours ago
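Why the kill/retry POST is rejected while the dashboard pages still load, as an added example that is not part of the original posts or of the rack-protection source: a simplified Ruby model of the origin comparison behind the `HttpOrigin` warning, run on constructed request environments. The helper names, and the assumption that the app receives no forwarded-scheme header, are illustrative.

```ruby
# Simplified model of the same-origin comparison behind the HttpOrigin
# warning (added illustration, not the rack-protection source).
DEFAULT_PORTS = { 'http' => 80, 'https' => 443 }.freeze
SAFE_METHODS  = %w[GET HEAD OPTIONS TRACE].freeze

# Scheme the app believes the client used: X-Forwarded-Proto from the
# proxy if present, otherwise the scheme of the proxy-to-app hop.
def perceived_scheme(env)
  forwarded = env['HTTP_X_FORWARDED_PROTO'].to_s.split(',').first.to_s.strip
  forwarded.empty? ? env.fetch('rack.url_scheme', 'http') : forwarded
end

# Origin the app reconstructs for itself from the request environment.
def base_url(env)
  scheme = perceived_scheme(env)
  host, port = env.fetch('HTTP_HOST').split(':', 2)
  port = (port || DEFAULT_PORTS[scheme]).to_i
  suffix = port == DEFAULT_PORTS[scheme] ? '' : ":#{port}"
  "#{scheme}://#{host}#{suffix}"
end

# A state-changing request passes only if the browser's Origin header
# equals the reconstructed origin or is explicitly allowed.
def origin_accepted?(env, allowed_origins: [])
  return true if SAFE_METHODS.include?(env['REQUEST_METHOD'])
  origin = env['HTTP_ORIGIN']
  return true if origin.nil?
  origin == base_url(env) || allowed_origins.include?(origin)
end

# Constructed request: the browser posts the Sidekiq "retry" form from the
# HTTPS custom domain, but the app only sees a plain-http hop.
RETRY_POST = {
  'REQUEST_METHOD'  => 'POST',
  'HTTP_HOST'       => 'www.myapp.my',
  'HTTP_ORIGIN'     => 'https://www.myapp.my',
  'rack.url_scheme' => 'http'
}.freeze

def demo
  https = { 'HTTP_X_FORWARDED_PROTO' => 'https' }
  {
    scheme_unknown:   origin_accepted?(RETRY_POST),
    scheme_forwarded: origin_accepted?(RETRY_POST.merge(https)),
    plain_http_site:  origin_accepted?(
      RETRY_POST.merge('HTTP_ORIGIN' => 'http://www.myapp.my')),
    cross_site:       origin_accepted?(
      RETRY_POST.merge(https).merge('HTTP_ORIGIN' => 'https://other.example'))
  }
end

p demo if __FILE__ == $PROGRAM_NAME
```

The `plain_http_site` case matches the question's Edit #2: with https switched off, the browser's Origin and the app's reconstructed origin agree again, so the POST passes.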