Sidekiq 3.4.2 produces Rack::Protection::AuthenticityToken Error when mounting in Padrino

[hbrysiewicz]

Example Repository

When trying to mount Sidekiq application within Padrino, Rack::Protection::AuthenticityToken Error is produced. See example repository for bare bones demonstration. The exact same project works when Sidekiq is explicitly set to 3.4.1.

Much thanks to the Padrino team and also @jc00ke on the Sidekiq team for the great communication up until now.

[mperham]

Sorry you are seeing this pain. Sidekiq 3.4.2 requires a session store to fix a severe security issue.

This behavior is not a bug and I'm not an expert in Padrino so I can't tell you how to add a session store. You'll need to consult the Rack / Padrino docs for details. A bare Rack example is here:

https://github.com/mperham/sidekiq/wiki/Monitoring#standalone

[hbrysiewicz]

Hi @mperham I actually did consult the Padrino team before bringing this back to the Sidekiq team. padrino/padrino-framework#1944 who seem to think it is a Sidekiq issue. The standalone doc you have referenced does not actually fix the issue. I realize both teams want to blame the other but would you mind just looking at the example repo or maybe talking to the Padrino team about where the issue lies?

[jc00ke]

I believe #2462 should fix this issue. Fingers crossed!