Trying to avoid "attack reported by Rack::Protection::AuthenticityToken" message

Question

I have a new Padrino 0.13.1 project that I am hosting on an AWS Elastic Beanstalk worker instance. The worker instance has a cron job that calls a POST every 5 minutes in my Padrino app. I have defined the routine as follows:

post :myroutine, :with => :myparams, :csrf_protection => false do
  # ... do some stuff
  status 200
end

I have also configured /config/apps.rb as follows:

Padrino.configure_apps do
  set :session_secret, '...'
  set :protection, :except => :path_traversal
  set :protection_from_csrf, true
  set :allow_disabled_csrf, true
end

The worker instance does a post to http://localhost:80/myroutine/somevar every 5 minutes. The nginx access.log file shows:

127.0.0.1 - - [21/Mar/2016:04:49:59 +0000] "POST /myroutine/01234 HTTP/1.1" 200 0 "-" "aws-sqsd/2.0" "-"

But in my AWS production.log file, I also see this come up every 5 minutes:

WARN - 21/Mar/2016 04:49:59 attack reported by Rack::Protection::AuthenticityToken

Strangely, the routine executes fine, and does what it is supposed to do. I would just like to stop my log file from filling up with the Rack::Protection error every 5 minutes.

Is this because of a misconfigured csrf setting somewhere, or a bug?

Answer 1

it is caused by nginx reverse proxy setting.

which may lost http related information , result session information lost.

https://github.com/znc/znc/issues/946 i just add below line and it works :

proxy_set_header        X-Real_IP       $remote_addr;
proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header        X-NginX-Proxy   true;
proxy_set_header        Host            $http_host;
proxy_set_header        Upgrade         $http_upgrade;
proxy_pass_header       Set-Cookie;