Sinatra app on Heroku responds with Forbidden if I follow links

Question

I've created a little Sinatra app and use Puma to run it. I've deployed my app to Heroku and everything works fine, but if I follow an external link to my app, I get the response Forbidden. Where does this come from?

The app only defines one HTTP method:

require 'sinatra'

get '/' do
  headers 'Content-Type' => 'application/json'
  body 'Hello World'
end

For example following https://contactsampleprovider.herokuapp.com/ will result in Forbidden, but entering the URL manually in the browser works fine.

If I leave out the headers-call, everything works as expected.

@yez: No of course not. The whole purpose of the app is to randomly generate test data. — Malte Schmitz, Oct 20 '15 at 21:15

score 0 · Accepted Answer · edited May 23 '17 at 12:29

0

This is a feature of Rack protection that seems to be enabled automatically if you set the content type to JSON. It can be disabled by

set :protection, :except => [:json_csrf]

as described for example in this question on Sinatra and Rack protection.

edited May 23 '17 at 12:29

Community

1
1

answered Oct 20 '15 at 21:43

Malte Schmitz

51
1
4

Sinatra app on Heroku responds with Forbidden if I follow links

1 Answers1