Restore class-level middleware APIs for backwards compat, fixes #4821

sidekiq · Feb 21, 2021 · 50740f2 · 50740f2
1 parent f0ddebc
commit 50740f2
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 14 deletions.
diff --git a/Changes.md b/Changes.md
@@ -5,6 +5,7 @@
 HEAD
 ---------
 
+- Add process/thread stats to Busy page [#4806]
 - Refactor Web UI session usage. [#4804]
   Numerous people have hit "Forbidden" errors and struggled with Sidekiq's
   Web UI session requirement. If you have code in your initializer for
@@ -29,9 +30,8 @@ If this is a bare Rack app, use a session middleware before Sidekiq::Web:
   use Rack::Session::Cookie, secret: File.read(".session.key"), same_site: true, max_age: 86400
   run Sidekiq::Web
 ```
-- Add process/thread count summary to Busy page [#4806]
 
-  6.1.3
+6.1.3
 ---------
 
 - Warn if Redis is configured to evict data under memory pressure [#4752]

diff --git a/lib/sidekiq/web.rb b/lib/sidekiq/web.rb
@@ -63,6 +63,14 @@ def disable(*opts)
         opts.each { |key| set(key, false) }
       end
 
+      def middlewares
+        @middlewares ||= []
+      end
+
+      def use(*args, &block)
+        middlewares << [args, block]
+      end
+
       def set(attribute, value)
         send(:"#{attribute}=", value)
       end
@@ -89,7 +97,7 @@ def settings
     end
 
     def middlewares
-      @middlewares ||= []
+      @middlewares ||= self.class.middlewares
     end
 
     def use(*args, &block)
@@ -129,18 +137,11 @@ def self.register(extension)
       extension.registered(WebApplication)
     end
 
-    def default_middlewares
-      @default ||= [
-        [[Sidekiq::Web::CsrfProtection]],
-        [[Rack::ContentLength]]
-      ]
-    end
-
     private
 
     def build
       klass = self.class
-      m = middlewares + default_middlewares
+      m = middlewares
 
       ::Rack::Builder.new do
         %w[stylesheets javascripts images].each do |asset_dir|
@@ -150,7 +151,7 @@ def build
         end
 
         m.each { |middleware, block| use(*middleware, &block) }
-
+        use Sidekiq::Web::CsrfProtection unless $TESTING
         run WebApplication.new(klass)
       end
     end

diff --git a/test/test_web.rb b/test/test_web.rb
@@ -18,7 +18,7 @@ def job_params(job, score)
 
   before do
     Sidekiq.redis {|c| c.flushdb }
-    app.default_middlewares.clear
+    app.middlewares.clear
   end
 
   class WebWorker
@@ -767,7 +767,7 @@ def app
       app
     end
 
-    it 'requires basic authentication' do
+    it 'requires uses session options' do
       get '/'
 
       session_options = last_request.env['rack.session'].options