Ever since I upgraded from Sidekiq 5.0 to 5.1 (and sidekiq-pro from 3.x to 4.0), I've been getting Forbidden on most non-GET requests in the Sidekiq web UI (e.g. when trying to retry multiple/all jobs from the morgue).
Ruby version: 2.4.2
Sidekiq version: 5.1
Sidekiq pro version: 4.0
Sidekiq Initializer:
```ruby
Sidekiq::Client.reliable_push! unless Rails.env.test?
Sidekiq.configure_server do |config|
  config.super_fetch!
  config.reliable_scheduler!
end
```
Routes.rb:
```ruby
Rails.application.routes.draw do
  require 'sidekiq/pro/web'
  require 'sidekiq-scheduler/web'
  if Rails.env.production?
    Sidekiq::Web.use Rack::Auth::Basic do |username, password|
      ActiveSupport::SecurityUtils.secure_compare(username, ENV.fetch('SIDEKIQ_USERNAME')) &
        ActiveSupport::SecurityUtils.secure_compare(password, ENV.fetch('SIDEKIQ_PASSWORD'))
    end
  end
  mount Sidekiq::Web, at: '/sidekiq'
end
```
Error Log:
```
Started POST "/sidekiq/morgue" for 62.4.55.92 at 2018-02-19 08:51:08 +0000
WARN -- : attack prevented by Rack::Protection::AuthenticityToken
```
This is all I can suggest:
https://github.com/mperham/sidekiq/wiki/Monitoring#forbidden
I know nothing more than what that wiki page contains. You might find it easier to ditch R:A:B and put /sidekiq behind your Rails auth.
Thanks for pointing to that page. This worked for me:
```ruby
# routes.rb
require 'sidekiq/pro/web'
Sidekiq::Web.set :session_secret, Rails.application.secrets[:secret_key_base]
```
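A minimal model of why the token check can reject the POST and why a fixed `session_secret` resolves it, added here as an illustration and not code from Sidekiq, Rack or anyone in this thread. It assumes the web UI is served by more than one process and that an unset secret is generated randomly per process; `WebProcess` and its methods are hypothetical names.

```ruby
require 'openssl'
require 'securerandom'
require 'json'

# Simplified model of a signed-cookie session plus a CSRF token check.
class WebProcess
  def initialize(session_secret = nil)
    # Assumption: with no configured secret, each process picks a random one at boot.
    @secret = session_secret || SecureRandom.hex(64)
  end

  # GET: store a CSRF token in the session; return [signed cookie, form token].
  def get_page
    token = SecureRandom.hex(16)
    data = [JSON.generate('csrf' => token)].pack('m0') # base64, no newlines
    ["#{data}--#{sign(data)}", token]
  end

  # POST: verify the cookie signature, then compare form token to session token.
  def post(cookie, form_token)
    data, mac = cookie.split('--', 2)
    # A cookie signed with another secret is discarded, so no token matches.
    return 403 unless mac && secure_eq(mac, sign(data))
    session = JSON.parse(data.unpack1('m0'))
    secure_eq(session['csrf'], form_token) ? 200 : 403
  end

  private

  def sign(data)
    OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA256'), @secret, data)
  end

  # Constant-time comparison of two strings.
  def secure_eq(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Page rendered by one process, form submitted to another; no shared secret.
def random_secret_status
  a, b = WebProcess.new, WebProcess.new
  cookie, token = a.get_page
  b.post(cookie, token)
end

# Same flow with one secret configured on both processes (constructed value).
def shared_secret_status
  secret = SecureRandom.hex(64)
  cookie, token = WebProcess.new(secret).get_page
  WebProcess.new(secret).post(cookie, token)
end
```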