ruby sinatra rack sidekiq

Sidekiq web panel shows forbidden


I have mounted the Sidekiq panel in my Sinatra app like this:

require 'rubygems'
require 'bundler'
require 'sidekiq/web'

# Fall back to development when RACK_ENV is unset (nil.to_sym would raise)
env = (ENV['RACK_ENV'] || 'development').to_sym

Bundler.require(:default, :sinatra, env)
disable :run
Encoding.default_external = Encoding::UTF_8

set :environment, env

use Rack::ShowExceptions
use Rack::Session::Pool
use Rack::MethodOverride

Sidekiq::Web.use Rack::Session::Pool

require File.expand_path '../app/my_app.rb', __FILE__
run Rack::URLMap.new("/" => MyApp.new, "/sidekiq" => Sidekiq::Web.new)

This means my app is accessible through / and the sidekiq web panel through /sidekiq.

Now when I try to delete a job, I always get Forbidden. I read here https://github.com/mperham/sidekiq/issues/1289 and here https://github.com/mperham/sidekiq/issues/2487 but neither upgrading to rack-protection > 1.5.1 nor setting a session for Sidekiq::Web has solved the problem so far.

I'm starting my server with rackup using WEBrick, so I think this shouldn't be a server problem.

I'm using sinatra 1.4.2 with sidekiq 3.5.1. Any ideas on how to solve this?


Solution

  • I've found a solution. First I updated from sidekiq 3.4.2 to 4.0.1 and from sinatra 1.4.2 to 1.4.6. No problems so far.

    The problem with the Forbidden message was a missing authenticity token for sidekiq's web panel. By adding the following lines, it worked:

    require 'rubygems'
    require 'bundler'
    require 'sidekiq/web'
    
    #####################################
    # added a require for rack/protection
    require 'rack/protection'
    #####################################
    
    # Fall back to development when RACK_ENV is unset (nil.to_sym would raise)
    env = (ENV['RACK_ENV'] || 'development').to_sym
    
    Bundler.require(:default, :sinatra, env)
    disable :run
    Encoding.default_external = Encoding::UTF_8
    
    set :environment, env
    
    use Rack::ShowExceptions
    use Rack::Session::Pool
    use Rack::MethodOverride
    #####################################
    # tell sinatra to use rack's protection methods
    use Rack::Protection
    #####################################
    
    require File.expand_path '../app/my_app.rb', __FILE__
    run Rack::URLMap.new("/" => MyApp.new, "/sidekiq" => Sidekiq::Web.new)
    

    Also have a look at https://github.com/sinatra/rack-protection where all the protection methods are listed.
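
Added example (not from the original post, and not the code of rack-protection or Sidekiq): a simplified, stdlib-only model of the session-bound authenticity-token check that the answer identifies as the source of the 403. `TokenCheck`, `request` and `PANEL` are hypothetical names; the `:csrf` session key, `authenticity_token` parameter and `X-CSRF-Token` header follow rack-protection's defaults.

```ruby
require 'securerandom'
require 'stringio'
require 'uri'

# Simplified model of a session-bound authenticity-token check.
# Hypothetical middleware for illustration only.
class TokenCheck
  SAFE = %w[GET HEAD OPTIONS TRACE].freeze

  def initialize(app)
    @app = app
  end

  def call(env)
    session = env['rack.session'] or return deny('no session')
    token = (session[:csrf] ||= SecureRandom.hex(32)) # issued once per session
    return @app.call(env) if SAFE.include?(env['REQUEST_METHOD'])
    sent = env['HTTP_X_CSRF_TOKEN'] || form_param(env, 'authenticity_token')
    secure_eq?(sent.to_s, token) ? @app.call(env) : deny('bad token')
  end

  private

  def form_param(env, name)
    body = env['rack.input'].read
    env['rack.input'].rewind # leave the body readable for the wrapped app
    URI.decode_www_form(body).to_h[name]
  end

  # Constant-time comparison so the check does not leak a matching prefix.
  def secure_eq?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  def deny(reason)
    [403, { 'Content-Type' => 'text/plain' }, ["Forbidden (#{reason})"]]
  end
end

# Constructed request helper: builds a minimal Rack env, returns the status.
def request(app, method, session, body = '')
  app.call('REQUEST_METHOD' => method, 'rack.session' => session,
           'rack.input' => StringIO.new(body)).first
end

# Stand-in for the panel's state-changing endpoint (e.g. deleting a job).
PANEL = TokenCheck.new(->(_env) { [200, {}, ['job deleted']] })
```

A POST passes only when it carries the token stored in the same session that rendered the form, so a state-changing request without a session or without the token gets the 403.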