Getting 'Forbidden' on clicking 'Enqueue now' in staging and production environment.
Using 'rails', '5.1.6', sidekiq-cron (1.0.4) which uses fugit (~> 1.1) and sidekiq (>= 4.2.1)
I can see from sidekiq-cron issue 60 and sidekiq-cron issue 61 that issue got resolved a long back but still getting same issue.
Sidekiq::Web uses Rack::Protection to protect application against typical web attacks (e.g CSRF, XSS, etc). Rack::Protection would invalidate session and raise 'Forbidden' error if it finds that request doesn't satisfy security requirements. One of the possible situations is having application working behind a reverse proxy and not passing important headers to it (X-Forwarded-For,X-Forwarded-Proto).
Well after spending enough time figuring out the issue. This is what helped me.
Nginx configuration:
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Connection '';
proxy_pass http://app;
#proxy_set_header X-Forwarded-Ssl on; # Optional
#proxy_set_header X-Forwarded-Port $server_port;
#proxy_set_header X-Forwarded-Host $host;
Other solutions, which did not work for me but worked for others: