杀死/重试作业时出现Heroku/Sidekiq错误-禁止403-防止攻击 [英] Heroku /Sidekiq error when kill/retry job - 403 Forbidden - Attack prevented

问题描述

我在heroku应用程序上使用Sidekiq，当我想终止工作或重试时，它会导致403禁止页面出现错误:

I use Sidekiq on my heroku app and when I want to kill a job or retry, it will lead to 403 forbidden page with an error:

WARN -- : attack prevented by Rack::Protection::HttpOrigin

我的heroku应用程序: http://myapp.herokuapp.com 我无法使用的域名: https://www.myapp.my

My heroku app: http://myapp.herokuapp.com My domain name where it does not work: https://www.myapp.my

在sidekiq 文档中，我发现这可以解决将错误添加到路由的问题.rb，但无济于事: Sidekiq :: Web.set:session_secret，Rails.application.secrets [:secret_key_base]

In sidekiq documentation, I found this to fix the error adding to the routes.rb but it does not help: Sidekiq::Web.set :session_secret, Rails.application.secrets[:secret_key_base]

我的session_store.rb文件:

My session_store.rb file:

Rails.application.config.session_store :cookie_store, key: '_myapp_session'

我想ssl存在问题.我为nginx.conf找到了此解决方案，但是如何进行设置在heroku上测试是否有帮助?

I guess there is an issue with the ssl. I found this solution for nginx.conf but how to set it up on heroku to test if this help?

proxy_set_header        X-Forwarded-Host 'my-host.com';
proxy_set_header        X-Forwarded-Proto $scheme;

或其他解决方案如何解决403禁止?

Or any other solution how to solve the 403 forbidden?

我的路线

  require 'sidekiq/web'

  authenticate :admin do
    mount Sidekiq::Web => '/sidekiq'
  end

它确实可以在localhost上运行，但不能在生产环境中使用

It does work on localhost but not in production

编辑#2:如果我关闭https并让我的应用程序位于http上，它确实可以正常工作，那么如何告诉我的应用程序/sidekiq使用https?

Edit #2: If I switch off the https and let my app to be on http, it does work so how to tell my app/sidekiq to use https?

proxy_set_header X-Forwarded-Proto $ scheme;

proxy_set_header X-Forwarded-Proto $scheme;

这将告诉您的应用程序原始请求已传入 即使从nginx到独角兽的请求是http，也要使用https.

This will tell your application that the original request came in using https even though the request from nginx to unicorn is http.

但是如何在heroku上做到呢?

But how to do it on heroku?

推荐答案

我在heroku上也遇到了同样的问题.

I've faced same problem on heroku.

自定义域的解决方案；

Solution for custom domains;

• 您需要在配置文件中强制ssl您的rails应用程序.因为heroku应用程序对应用程序URL使用默认的https方案.如果不强制执行，它将在转发请求时使用不同的方案. config/environments/production.rb

• You need to force ssl your rails app in config file. Because heroku app use default https scheme for app url. If you do not force it, it will use different schemes in forwarding requests. config/environments/production.rb

# Force ssl
config.force_ssl = true

如果您在heroku上使用免费的dynos，则不能使用ssl功能，而应使用heroku应用程序的URL来访问sidekiq Web ui https://your-app.herokuapp.com/sidekiq

If you are using free dynos on heroku, you can not use ssl feature and you should use heroku app url to access sidekiq web ui https://your-app.herokuapp.com/sidekiq

这篇关于杀死/重试作业时出现Heroku/Sidekiq错误-禁止403-防止攻击的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！